From 591c82620eeb74a012d4614b9f16db74a7fd84f9 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 18 Jun 2018 04:33:41 +0000 Subject: activitypub: filter destination list for announce activities differently than normal (closes #164) --- lib/pleroma/user.ex | 28 ++++++++++++++++++++++------ lib/pleroma/web/activity_pub/activity_pub.ex | 18 ++++++++++++++++++ 2 files changed, 40 insertions(+), 6 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index b27397e13..856f27e10 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -449,13 +449,29 @@ defmodule Pleroma.User do update_and_set_cache(cs) end + def get_notified_from_activity_query(to) do + from( + u in User, + where: u.ap_id in ^to, + where: u.local == true + ) + end + + def get_notified_from_activity(%Activity{recipients: to, data: %{"type" => "Announce"} = data}) do + object = Object.get_by_ap_id(data["object"]) + + # ensure that the actor who published the announced object appears only once + to = + (to ++ [object.data["actor"]]) + |> Enum.uniq() + + query = get_notified_from_activity_query(to) + + Repo.all(query) + end + def get_notified_from_activity(%Activity{recipients: to}) do - query = - from( - u in User, - where: u.ap_id in ^to, - where: u.local == true - ) + query = get_notified_from_activity_query(to) Repo.all(query) end diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 267427a23..a4b49e73c 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -12,6 +12,24 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do @instance Application.get_env(:pleroma, :instance) + # For Announce activities, we filter the recipients based on following status for any actors + # that match actual users. See issue #164 for more information about why this is necessary. + def get_recipients(%{"type" => "Announce"} = data) do + recipients = (data["to"] || []) ++ (data["cc"] || []) + actor = User.get_cached_by_ap_id(data["actor"]) + + recipients + |> Enum.filter(fn recipient -> + case User.get_cached_by_ap_id(recipient) do + nil -> + true + + user -> + User.following?(user, actor) + end + end) + end + def get_recipients(data) do (data["to"] || []) ++ (data["cc"] || []) end -- cgit v1.2.3 From 6f384d35ddc4682e3b845b0224ca620fbdd93785 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 18 Jun 2018 05:11:05 +0000 Subject: ostatus: we need to include the original author of a message as a mention this is due to the use of activity.recipients which may not necessarily contain the original author if the actors are not following each other. --- lib/pleroma/web/ostatus/activity_representer.ex | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/ostatus/activity_representer.ex b/lib/pleroma/web/ostatus/activity_representer.ex index 4179d86c9..4c4a0c233 100644 --- a/lib/pleroma/web/ostatus/activity_representer.ex +++ b/lib/pleroma/web/ostatus/activity_representer.ex @@ -184,7 +184,10 @@ defmodule Pleroma.Web.OStatus.ActivityRepresenter do retweeted_xml = to_simple_form(retweeted_activity, retweeted_user, true) - mentions = activity.recipients |> get_mentions + mentions = + ([retweeted_user.ap_id] ++ activity.recipients) + |> Enum.uniq() + |> get_mentions() [ {:"activity:object-type", ['http://activitystrea.ms/schema/1.0/activity']}, -- cgit v1.2.3 From 7e0f62acee35a9e2738caab97deffdaae6a822c4 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 18 Jun 2018 05:23:54 +0000 Subject: object: add helper functions to handle various forms of a given object and return a normalized one --- lib/pleroma/object.ex | 4 ++++ lib/pleroma/user.ex | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/object.ex b/lib/pleroma/object.ex index ff2af4a6f..1bcff5a7b 100644 --- a/lib/pleroma/object.ex +++ b/lib/pleroma/object.ex @@ -27,6 +27,10 @@ defmodule Pleroma.Object do Repo.one(from(object in Object, where: fragment("(?)->>'id' = ?", object.data, ^ap_id))) end + def normalize(obj) when is_map(obj), do: Object.get_by_ap_id(obj["id"]) + def normalize(ap_id) when is_binary(ap_id), do: Object.get_by_ap_id(ap_id) + def normalize(_), do: nil + def get_cached_by_ap_id(ap_id) do if Mix.env() == :test do get_by_ap_id(ap_id) diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 856f27e10..d68aef52a 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -458,7 +458,7 @@ defmodule Pleroma.User do end def get_notified_from_activity(%Activity{recipients: to, data: %{"type" => "Announce"} = data}) do - object = Object.get_by_ap_id(data["object"]) + object = Object.normalize(data["object"]) # ensure that the actor who published the announced object appears only once to = -- cgit v1.2.3 From 4807a52284250e1663da0ba31c57a0c05861b797 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 6 Aug 2018 05:46:37 +0000 Subject: user: support creating an actor which represents the instance itself --- lib/pleroma/user.ex | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index df22d29a8..640c34aec 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -637,6 +637,22 @@ defmodule Pleroma.User do end end + def get_or_create_instance_user do + if user = get_by_ap_id(Pleroma.Web.Endpoint.url()) do + user + else + changes = + %User{} + |> cast(%{}, [:ap_id, :nickname, :local]) + |> put_change(:ap_id, Pleroma.Web.Endpoint.url()) + |> put_change(:nickname, nil) + |> put_change(:local, true) + + {:ok, user} = Repo.insert(changes) + user + end + end + # AP style def public_key_from_info(%{ "source_data" => %{"publicKey" => %{"publicKeyPem" => public_key_pem}} -- cgit v1.2.3 From 00e890264c10b21d780c0106d29e42c507df1cbb Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 6 Aug 2018 06:11:51 +0000 Subject: activitypub: represent relay actor at instance root --- .../web/activity_pub/activity_pub_controller.ex | 11 +++++++++ lib/pleroma/web/activity_pub/views/user_view.ex | 27 ++++++++++++++++++++++ lib/pleroma/web/router.ex | 6 +++++ 3 files changed, 44 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/activity_pub_controller.ex b/lib/pleroma/web/activity_pub/activity_pub_controller.ex index d337532d0..a858b5df9 100644 --- a/lib/pleroma/web/activity_pub/activity_pub_controller.ex +++ b/lib/pleroma/web/activity_pub/activity_pub_controller.ex @@ -107,6 +107,17 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do json(conn, "ok") end + def relay(conn, params) do + with %User{} = user <- User.get_or_create_instance_user(), + {:ok, user} <- Pleroma.Web.WebFinger.ensure_keys_present(user) do + conn + |> put_resp_header("content-type", "application/activity+json") + |> json(UserView.render("user.json", %{user: user})) + else + nil -> {:error, :not_found} + end + end + def errors(conn, {:error, :not_found}) do conn |> put_status(404) diff --git a/lib/pleroma/web/activity_pub/views/user_view.ex b/lib/pleroma/web/activity_pub/views/user_view.ex index 41bfe5048..52f09fcd5 100644 --- a/lib/pleroma/web/activity_pub/views/user_view.ex +++ b/lib/pleroma/web/activity_pub/views/user_view.ex @@ -9,6 +9,33 @@ defmodule Pleroma.Web.ActivityPub.UserView do alias Pleroma.Web.ActivityPub.Utils import Ecto.Query + # the instance itself is not a Person, but instead an Application + def render("user.json", %{user: %{nickname: nil} = user}) do + {:ok, user} = WebFinger.ensure_keys_present(user) + {:ok, _, public_key} = Salmon.keys_from_pem(user.info["keys"]) + public_key = :public_key.pem_entry_encode(:SubjectPublicKeyInfo, public_key) + public_key = :public_key.pem_encode([public_key]) + + %{ + "@context" => "https://www.w3.org/ns/activitystreams", + "id" => user.ap_id, + "type" => "Application", + "inbox" => "#{user.ap_id}/inbox", + "name" => "Pleroma", + "summary" => "Virtual actor for Pleroma relay", + "url" => user.ap_id, + "manuallyApprovesFollowers" => false, + "publicKey" => %{ + "id" => "#{user.ap_id}#main-key", + "owner" => user.ap_id, + "publicKeyPem" => public_key + }, + "endpoints" => %{ + "sharedInbox" => "#{Pleroma.Web.Endpoint.url()}/inbox" + } + } + end + def render("user.json", %{user: user}) do {:ok, user} = WebFinger.ensure_keys_present(user) {:ok, _, public_key} = Salmon.keys_from_pem(user.info["keys"]) diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index fc7a947aa..1f9bccf55 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -318,6 +318,12 @@ defmodule Pleroma.Web.Router do end if @federating do + scope "/", Pleroma.Web.ActivityPub do + # XXX: not really ostatus either + pipe_through(:ostatus) + get("/", ActivityPubController, :relay) + end + scope "/", Pleroma.Web.ActivityPub do pipe_through(:activitypub) post("/users/:nickname/inbox", ActivityPubController, :inbox) -- cgit v1.2.3 From b7ca7f282ac43fcbda63c822553497baa0009835 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 6 Aug 2018 06:15:22 +0000 Subject: activitypub: refactor relay concerns into new relay module --- lib/pleroma/web/activity_pub/activity_pub_controller.ex | 3 ++- lib/pleroma/web/activity_pub/relay.ex | 7 +++++++ 2 files changed, 9 insertions(+), 1 deletion(-) create mode 100644 lib/pleroma/web/activity_pub/relay.ex (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/activity_pub_controller.ex b/lib/pleroma/web/activity_pub/activity_pub_controller.ex index a858b5df9..52b2a467e 100644 --- a/lib/pleroma/web/activity_pub/activity_pub_controller.ex +++ b/lib/pleroma/web/activity_pub/activity_pub_controller.ex @@ -3,6 +3,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do alias Pleroma.{User, Object} alias Pleroma.Web.ActivityPub.{ObjectView, UserView} alias Pleroma.Web.ActivityPub.ActivityPub + alias Pleroma.Web.ActivityPub.Relay alias Pleroma.Web.Federator require Logger @@ -108,7 +109,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do end def relay(conn, params) do - with %User{} = user <- User.get_or_create_instance_user(), + with %User{} = user <- Relay.get_actor(), {:ok, user} <- Pleroma.Web.WebFinger.ensure_keys_present(user) do conn |> put_resp_header("content-type", "application/activity+json") diff --git a/lib/pleroma/web/activity_pub/relay.ex b/lib/pleroma/web/activity_pub/relay.ex new file mode 100644 index 000000000..736d0e406 --- /dev/null +++ b/lib/pleroma/web/activity_pub/relay.ex @@ -0,0 +1,7 @@ +defmodule Pleroma.Web.ActivityPub.Relay do + alias Pleroma.User + + def get_actor do + User.get_or_create_instance_user() + end +end -- cgit v1.2.3 From 7bed350a23c8028d279214f1a0b1c344300af133 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 6 Aug 2018 06:18:15 +0000 Subject: config: allow relaying to be disabled --- lib/pleroma/web/router.ex | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 1f9bccf55..fc9d2d988 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -5,6 +5,7 @@ defmodule Pleroma.Web.Router do @instance Application.get_env(:pleroma, :instance) @federating Keyword.get(@instance, :federating) + @allow_relay Keyword.get(@instance, :allow_relay) @public Keyword.get(@instance, :public) @registrations_open Keyword.get(@instance, :registrations_open) @@ -318,10 +319,12 @@ defmodule Pleroma.Web.Router do end if @federating do - scope "/", Pleroma.Web.ActivityPub do - # XXX: not really ostatus either - pipe_through(:ostatus) - get("/", ActivityPubController, :relay) + if @allow_relay do + scope "/", Pleroma.Web.ActivityPub do + # XXX: not really ostatus either + pipe_through(:ostatus) + get("/", ActivityPubController, :relay) + end end scope "/", Pleroma.Web.ActivityPub do -- cgit v1.2.3 From 1c90f88393c10198f34aa3a19f09169bcddeeac3 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 6 Aug 2018 06:50:18 +0000 Subject: user: remote actors can have no nickname if they are virtual services --- lib/pleroma/user.ex | 2 +- lib/pleroma/web/activity_pub/activity_pub.ex | 9 ++++++++- 2 files changed, 9 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 640c34aec..82a2a7833 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -77,7 +77,7 @@ defmodule Pleroma.User do changes = %User{} |> cast(params, [:bio, :name, :ap_id, :nickname, :info, :avatar]) - |> validate_required([:name, :ap_id, :nickname]) + |> validate_required([:name, :ap_id]) |> unique_constraint(:nickname) |> validate_format(:nickname, @email_regex) |> validate_length(:bio, max: 5000) diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index ec605b694..bab272323 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -554,12 +554,19 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do "locked" => locked }, avatar: avatar, - nickname: "#{data["preferredUsername"]}@#{URI.parse(data["id"]).host}", name: data["name"], follower_address: data["followers"], bio: data["summary"] } + # nickname can be nil because of virtual actors + user_data = + if data["preferredUsername"] do + Map.put(user_data, :nickname, "#{data["preferredUsername"]}@#{URI.parse(data["id"]).host}") + else + Map.put(user_data, :nickname, nil) + end + {:ok, user_data} end -- cgit v1.2.3 From 99be3d3dccbbd7877192c6291bbaae92f66e06bf Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 6 Aug 2018 07:14:16 +0000 Subject: relay: add relay follow/unfollow tasks --- lib/mix/tasks/relay_follow.ex | 12 ++++++++++++ lib/mix/tasks/relay_unfollow.ex | 12 ++++++++++++ lib/pleroma/web/activity_pub/relay.ex | 28 ++++++++++++++++++++++++++++ 3 files changed, 52 insertions(+) create mode 100644 lib/mix/tasks/relay_follow.ex create mode 100644 lib/mix/tasks/relay_unfollow.ex (limited to 'lib') diff --git a/lib/mix/tasks/relay_follow.ex b/lib/mix/tasks/relay_follow.ex new file mode 100644 index 000000000..a8152d96f --- /dev/null +++ b/lib/mix/tasks/relay_follow.ex @@ -0,0 +1,12 @@ +defmodule Mix.Tasks.RelayFollow do + use Mix.Task + require Logger + alias Pleroma.Web.ActivityPub.Relay + + @shortdoc "Follows a remote relay" + def run([target]) do + Mix.Task.run("app.start") + + :ok = Relay.follow(target) + end +end diff --git a/lib/mix/tasks/relay_unfollow.ex b/lib/mix/tasks/relay_unfollow.ex new file mode 100644 index 000000000..81b7197b2 --- /dev/null +++ b/lib/mix/tasks/relay_unfollow.ex @@ -0,0 +1,12 @@ +defmodule Mix.Tasks.RelayUnfollow do + use Mix.Task + require Logger + alias Pleroma.Web.ActivityPub.Relay + + @shortdoc "Follows a remote relay" + def run([target]) do + Mix.Task.run("app.start") + + :ok = Relay.unfollow(target) + end +end diff --git a/lib/pleroma/web/activity_pub/relay.ex b/lib/pleroma/web/activity_pub/relay.ex index 736d0e406..8b49188fb 100644 --- a/lib/pleroma/web/activity_pub/relay.ex +++ b/lib/pleroma/web/activity_pub/relay.ex @@ -1,7 +1,35 @@ defmodule Pleroma.Web.ActivityPub.Relay do alias Pleroma.User + alias Pleroma.Web.ActivityPub.ActivityPub + require Logger def get_actor do User.get_or_create_instance_user() end + + def follow(target_instance) do + with %User{} = local_user <- get_actor(), + %User{} = target_user <- User.get_or_fetch_by_ap_id(target_instance), + {:ok, activity} <- ActivityPub.follow(local_user, target_user) do + ActivityPub.publish(local_user, activity) + Logger.info("relay: followed instance: #{target_instance}; id=#{activity.data["id"]}") + else + e -> Logger.error("error: #{inspect(e)}") + end + + :ok + end + + def unfollow(target_instance) do + with %User{} = local_user <- get_actor(), + %User{} = target_user <- User.get_or_fetch_by_ap_id(target_instance), + {:ok, activity} <- ActivityPub.unfollow(local_user, target_user) do + ActivityPub.publish(local_user, activity) + Logger.info("relay: unfollowed instance: #{target_instance}: id=#{activity.data["id"]}") + else + e -> Logger.error("error: #{inspect(e)}") + end + + :ok + end end -- cgit v1.2.3 From 266b3140519eacc6c0adaccd959e2f3167e1fc13 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 6 Aug 2018 07:27:11 +0000 Subject: relay: fix invoking federator, use a timer to sleep the mix task to force a context switch --- lib/mix/tasks/relay_follow.ex | 3 +++ lib/mix/tasks/relay_unfollow.ex | 3 +++ lib/pleroma/web/activity_pub/relay.ex | 2 -- 3 files changed, 6 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/mix/tasks/relay_follow.ex b/lib/mix/tasks/relay_follow.ex index a8152d96f..ac6f20924 100644 --- a/lib/mix/tasks/relay_follow.ex +++ b/lib/mix/tasks/relay_follow.ex @@ -8,5 +8,8 @@ defmodule Mix.Tasks.RelayFollow do Mix.Task.run("app.start") :ok = Relay.follow(target) + + # put this task to sleep to allow the genserver to push out the messages + :timer.sleep(500) end end diff --git a/lib/mix/tasks/relay_unfollow.ex b/lib/mix/tasks/relay_unfollow.ex index 81b7197b2..4621ace83 100644 --- a/lib/mix/tasks/relay_unfollow.ex +++ b/lib/mix/tasks/relay_unfollow.ex @@ -8,5 +8,8 @@ defmodule Mix.Tasks.RelayUnfollow do Mix.Task.run("app.start") :ok = Relay.unfollow(target) + + # put this task to sleep to allow the genserver to push out the messages + :timer.sleep(500) end end diff --git a/lib/pleroma/web/activity_pub/relay.ex b/lib/pleroma/web/activity_pub/relay.ex index 8b49188fb..29ece7f1b 100644 --- a/lib/pleroma/web/activity_pub/relay.ex +++ b/lib/pleroma/web/activity_pub/relay.ex @@ -11,7 +11,6 @@ defmodule Pleroma.Web.ActivityPub.Relay do with %User{} = local_user <- get_actor(), %User{} = target_user <- User.get_or_fetch_by_ap_id(target_instance), {:ok, activity} <- ActivityPub.follow(local_user, target_user) do - ActivityPub.publish(local_user, activity) Logger.info("relay: followed instance: #{target_instance}; id=#{activity.data["id"]}") else e -> Logger.error("error: #{inspect(e)}") @@ -24,7 +23,6 @@ defmodule Pleroma.Web.ActivityPub.Relay do with %User{} = local_user <- get_actor(), %User{} = target_user <- User.get_or_fetch_by_ap_id(target_instance), {:ok, activity} <- ActivityPub.unfollow(local_user, target_user) do - ActivityPub.publish(local_user, activity) Logger.info("relay: unfollowed instance: #{target_instance}: id=#{activity.data["id"]}") else e -> Logger.error("error: #{inspect(e)}") -- cgit v1.2.3 From f9b0fc4ddb84a064e2da927a6a00ddc5ad23c5ee Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 6 Aug 2018 07:34:39 +0000 Subject: relay: remove @allow_relay for the moment --- lib/pleroma/web/router.ex | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index fc9d2d988..3cb996262 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -319,12 +319,10 @@ defmodule Pleroma.Web.Router do end if @federating do - if @allow_relay do - scope "/", Pleroma.Web.ActivityPub do - # XXX: not really ostatus either - pipe_through(:ostatus) - get("/", ActivityPubController, :relay) - end + scope "/", Pleroma.Web.ActivityPub do + # XXX: not really ostatus either + pipe_through(:ostatus) + get("/", ActivityPubController, :relay) end scope "/", Pleroma.Web.ActivityPub do -- cgit v1.2.3 From 1c40a631e809ed7ab7bdd0ef46ff97a124b858e8 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 6 Aug 2018 07:43:37 +0000 Subject: federator: actually relay the public activities --- lib/pleroma/web/activity_pub/relay.ex | 11 ++++++++++- lib/pleroma/web/federator/federator.ex | 4 ++++ 2 files changed, 14 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/relay.ex b/lib/pleroma/web/activity_pub/relay.ex index 29ece7f1b..f5cf8b7f5 100644 --- a/lib/pleroma/web/activity_pub/relay.ex +++ b/lib/pleroma/web/activity_pub/relay.ex @@ -1,5 +1,5 @@ defmodule Pleroma.Web.ActivityPub.Relay do - alias Pleroma.User + alias Pleroma.{User, Object} alias Pleroma.Web.ActivityPub.ActivityPub require Logger @@ -30,4 +30,13 @@ defmodule Pleroma.Web.ActivityPub.Relay do :ok end + + def publish(activity) do + with %User{} = user <- get_actor(), + %Object{} = object <- Object.normalize(activity.data["object"]["id"]) do + ActivityPub.announce(user, object) + else + e -> Logger.error("error: #{inspect(e)}") + end + end end diff --git a/lib/pleroma/web/federator/federator.ex b/lib/pleroma/web/federator/federator.ex index ccefb0bdf..94e3979be 100644 --- a/lib/pleroma/web/federator/federator.ex +++ b/lib/pleroma/web/federator/federator.ex @@ -4,6 +4,7 @@ defmodule Pleroma.Web.Federator do alias Pleroma.Activity alias Pleroma.Web.{WebFinger, Websub} alias Pleroma.Web.ActivityPub.ActivityPub + alias Pleroma.Web.ActivityPub.Relay alias Pleroma.Web.ActivityPub.Transmogrifier alias Pleroma.Web.ActivityPub.Utils require Logger @@ -69,6 +70,9 @@ defmodule Pleroma.Web.Federator do Logger.info(fn -> "Sending #{activity.data["id"]} out via Salmon" end) Pleroma.Web.Salmon.publish(actor, activity) + + Logger.info(fn -> "Relaying #{activity.data["id"]} out" end) + Pleroma.Web.ActivityPub.Relay.publish(activity) end Logger.info(fn -> "Sending #{activity.data["id"]} out via AP" end) -- cgit v1.2.3 From 56dc8db58212940cf81f159f4c4730211fef38b9 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 6 Aug 2018 07:48:08 +0000 Subject: activitypub: relay: add relay following/followers collection URLs --- lib/pleroma/web/activity_pub/views/user_view.ex | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/views/user_view.ex b/lib/pleroma/web/activity_pub/views/user_view.ex index 52f09fcd5..adfbcab49 100644 --- a/lib/pleroma/web/activity_pub/views/user_view.ex +++ b/lib/pleroma/web/activity_pub/views/user_view.ex @@ -20,6 +20,8 @@ defmodule Pleroma.Web.ActivityPub.UserView do "@context" => "https://www.w3.org/ns/activitystreams", "id" => user.ap_id, "type" => "Application", + "following" => "#{user.ap_id}/relay/following", + "followers" => "#{user.ap_id}/relay/followers", "inbox" => "#{user.ap_id}/inbox", "name" => "Pleroma", "summary" => "Virtual actor for Pleroma relay", -- cgit v1.2.3 From ae3cb652b6d75bc58e0fac3333d5820d8c335f48 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 6 Aug 2018 08:03:00 +0000 Subject: user: set up a valid followers address to use --- lib/pleroma/user.ex | 1 + 1 file changed, 1 insertion(+) (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 82a2a7833..327eb3ea3 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -647,6 +647,7 @@ defmodule Pleroma.User do |> put_change(:ap_id, Pleroma.Web.Endpoint.url()) |> put_change(:nickname, nil) |> put_change(:local, true) + |> put_change(:follower_address, Pleroma.Web.Endpoint.url() <> "/relay/followers") {:ok, user} = Repo.insert(changes) user -- cgit v1.2.3 From 2b628f23410edc310d10e692ae0502136e999fd3 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 6 Aug 2018 08:03:10 +0000 Subject: relay: only relay create activities --- lib/pleroma/web/activity_pub/relay.ex | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/relay.ex b/lib/pleroma/web/activity_pub/relay.ex index f5cf8b7f5..d30853d62 100644 --- a/lib/pleroma/web/activity_pub/relay.ex +++ b/lib/pleroma/web/activity_pub/relay.ex @@ -1,5 +1,5 @@ defmodule Pleroma.Web.ActivityPub.Relay do - alias Pleroma.{User, Object} + alias Pleroma.{User, Object, Activity} alias Pleroma.Web.ActivityPub.ActivityPub require Logger @@ -31,7 +31,7 @@ defmodule Pleroma.Web.ActivityPub.Relay do :ok end - def publish(activity) do + def publish(%Activity{data: %{"type" => "Create"}} = activity) do with %User{} = user <- get_actor(), %Object{} = object <- Object.normalize(activity.data["object"]["id"]) do ActivityPub.announce(user, object) @@ -39,4 +39,6 @@ defmodule Pleroma.Web.ActivityPub.Relay do e -> Logger.error("error: #{inspect(e)}") end end + + def publish(_), do: nil end -- cgit v1.2.3 From e49131bb7212ba5d1b79fc20c83223325a2e98c4 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 6 Aug 2018 08:13:05 +0000 Subject: relay: move to /relay endpoint from / due to webapp issues --- lib/pleroma/user.ex | 8 +++++--- lib/pleroma/web/router.ex | 9 ++++++--- 2 files changed, 11 insertions(+), 6 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 327eb3ea3..8d8c53dfc 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -638,16 +638,18 @@ defmodule Pleroma.User do end def get_or_create_instance_user do - if user = get_by_ap_id(Pleroma.Web.Endpoint.url()) do + relay_uri = "#{Pleroma.Web.Endpoint.url()}/relay" + + if user = get_by_ap_id(relay_uri) do user else changes = %User{} |> cast(%{}, [:ap_id, :nickname, :local]) - |> put_change(:ap_id, Pleroma.Web.Endpoint.url()) + |> put_change(:ap_id, relay_uri) |> put_change(:nickname, nil) |> put_change(:local, true) - |> put_change(:follower_address, Pleroma.Web.Endpoint.url() <> "/relay/followers") + |> put_change(:follower_address, relay_uri <> "/followers") {:ok, user} = Repo.insert(changes) user diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 3cb996262..48c3fb9a5 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -283,6 +283,10 @@ defmodule Pleroma.Web.Router do get("/externalprofile/show", TwitterAPI.Controller, :external_profile) end + pipeline :ap_relay do + plug(:accepts, ["activity+json"]) + end + pipeline :ostatus do plug(:accepts, ["xml", "atom", "html", "activity+json"]) end @@ -319,9 +323,8 @@ defmodule Pleroma.Web.Router do end if @federating do - scope "/", Pleroma.Web.ActivityPub do - # XXX: not really ostatus either - pipe_through(:ostatus) + scope "/relay", Pleroma.Web.ActivityPub do + pipe_through(:ap_relay) get("/", ActivityPubController, :relay) end -- cgit v1.2.3 From 1e1a29f084967586b412425a868240240ac833b8 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 6 Aug 2018 08:15:18 +0000 Subject: activitypub: relay: fix up AS2 actor object --- lib/pleroma/web/activity_pub/views/user_view.ex | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/views/user_view.ex b/lib/pleroma/web/activity_pub/views/user_view.ex index adfbcab49..6ecb8862e 100644 --- a/lib/pleroma/web/activity_pub/views/user_view.ex +++ b/lib/pleroma/web/activity_pub/views/user_view.ex @@ -20,8 +20,8 @@ defmodule Pleroma.Web.ActivityPub.UserView do "@context" => "https://www.w3.org/ns/activitystreams", "id" => user.ap_id, "type" => "Application", - "following" => "#{user.ap_id}/relay/following", - "followers" => "#{user.ap_id}/relay/followers", + "following" => "#{user.ap_id}/following", + "followers" => "#{user.ap_id}/followers", "inbox" => "#{user.ap_id}/inbox", "name" => "Pleroma", "summary" => "Virtual actor for Pleroma relay", -- cgit v1.2.3 From 5abf9ad6025eb7464deee7fb5a77e651272f44a1 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 6 Aug 2018 08:20:21 +0000 Subject: relay: reintroduce @allow_relay --- lib/pleroma/web/router.ex | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 48c3fb9a5..eb9860864 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -323,9 +323,11 @@ defmodule Pleroma.Web.Router do end if @federating do - scope "/relay", Pleroma.Web.ActivityPub do - pipe_through(:ap_relay) - get("/", ActivityPubController, :relay) + if @allow_relay do + scope "/relay", Pleroma.Web.ActivityPub do + pipe_through(:ap_relay) + get("/", ActivityPubController, :relay) + end end scope "/", Pleroma.Web.ActivityPub do -- cgit v1.2.3 From 0ca9b9ff964f7a64a2225056991068320e085d62 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 6 Aug 2018 08:26:36 +0000 Subject: run mix format --- lib/pleroma/web/activity_pub/activity_pub.ex | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index bab272323..a07bf1629 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -562,7 +562,11 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do # nickname can be nil because of virtual actors user_data = if data["preferredUsername"] do - Map.put(user_data, :nickname, "#{data["preferredUsername"]}@#{URI.parse(data["id"]).host}") + Map.put( + user_data, + :nickname, + "#{data["preferredUsername"]}@#{URI.parse(data["id"]).host}" + ) else Map.put(user_data, :nickname, nil) end -- cgit v1.2.3 From 5202d4ce107d00866e6cb284b4c2a2614154a489 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 6 Aug 2018 08:35:56 +0000 Subject: relay: do not relay in test mode --- lib/pleroma/web/federator/federator.ex | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/federator/federator.ex b/lib/pleroma/web/federator/federator.ex index 94e3979be..078f3ec11 100644 --- a/lib/pleroma/web/federator/federator.ex +++ b/lib/pleroma/web/federator/federator.ex @@ -71,8 +71,10 @@ defmodule Pleroma.Web.Federator do Logger.info(fn -> "Sending #{activity.data["id"]} out via Salmon" end) Pleroma.Web.Salmon.publish(actor, activity) - Logger.info(fn -> "Relaying #{activity.data["id"]} out" end) - Pleroma.Web.ActivityPub.Relay.publish(activity) + if Mix.env() != :test do + Logger.info(fn -> "Relaying #{activity.data["id"]} out" end) + Pleroma.Web.ActivityPub.Relay.publish(activity) + end end Logger.info(fn -> "Sending #{activity.data["id"]} out via AP" end) -- cgit v1.2.3 From de6be63b1be19bffd17e374f16983934034f7b74 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 6 Aug 2018 10:37:52 +0000 Subject: activitypub: do not show observable effects of non-public boosts --- lib/pleroma/web/activity_pub/utils.ex | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/utils.ex b/lib/pleroma/web/activity_pub/utils.ex index 8b41a3bec..a2e5c5002 100644 --- a/lib/pleroma/web/activity_pub/utils.ex +++ b/lib/pleroma/web/activity_pub/utils.ex @@ -302,6 +302,24 @@ defmodule Pleroma.Web.ActivityPub.Utils do @doc """ Make announce activity data for the given actor and object """ + # for relayed messages, we only want to send to subscribers + def make_announce_data( + %User{ap_id: ap_id, nickname: nil} = user, + %Object{data: %{"id" => id}} = object, + activity_id + ) do + data = %{ + "type" => "Announce", + "actor" => ap_id, + "object" => id, + "to" => [user.follower_address], + "cc" => [], + "context" => object.data["context"] + } + + if activity_id, do: Map.put(data, "id", activity_id), else: data + end + def make_announce_data( %User{ap_id: ap_id} = user, %Object{data: %{"id" => id}} = object, @@ -356,12 +374,19 @@ defmodule Pleroma.Web.ActivityPub.Utils do if activity_id, do: Map.put(data, "id", activity_id), else: data end - def add_announce_to_object(%Activity{data: %{"actor" => actor}}, object) do + def add_announce_to_object( + %Activity{ + data: %{"actor" => actor, "cc" => ["https://www.w3.org/ns/activitystreams#Public"]} + }, + object + ) do with announcements <- [actor | object.data["announcements"] || []] |> Enum.uniq() do update_element_in_object("announcement", announcements, object) end end + def add_announce_to_object(_, object), do: {:ok, object} + def remove_announce_from_object(%Activity{data: %{"actor" => actor}}, object) do with announcements <- (object.data["announcements"] || []) |> List.delete(actor) do update_element_in_object("announcement", announcements, object) -- cgit v1.2.3 From ecfd4b21066f7df7450d5aace403ac97c0d7778a Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 6 Aug 2018 10:44:25 +0000 Subject: user: hide virtual actors from statistics queries --- lib/pleroma/user.ex | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 8d8c53dfc..5e46208c3 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -578,7 +578,11 @@ defmodule Pleroma.User do end def local_user_query() do - from(u in User, where: u.local == true) + from( + u in User, + where: u.local == true, + where: not is_nil(u.nickname) + ) end def deactivate(%User{} = user) do -- cgit v1.2.3 From d91fd48edf8241c5d0b7dc61c36fa2c3e8c1ccd4 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 6 Aug 2018 10:57:19 +0000 Subject: user: do not leak virtuals in account search --- lib/pleroma/user.ex | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 5e46208c3..748fdbca4 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -499,7 +499,8 @@ defmodule Pleroma.User do u.nickname, u.name ) - } + }, + where: not is_nil(u.nickname) ) q = -- cgit v1.2.3 From f9d13558c8198bf2a25035dfb3c112aaa2be4cbf Mon Sep 17 00:00:00 2001 From: eal Date: Sun, 12 Aug 2018 22:24:10 +0300 Subject: CommonAPI: add emoji to user source data on update --- lib/pleroma/web/common_api/common_api.ex | 14 +++++++++++++- lib/pleroma/web/common_api/utils.ex | 12 ++++++++++++ 2 files changed, 25 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/common_api/common_api.ex b/lib/pleroma/web/common_api/common_api.ex index 3f18a68e8..4be6e7508 100644 --- a/lib/pleroma/web/common_api/common_api.ex +++ b/lib/pleroma/web/common_api/common_api.ex @@ -1,5 +1,5 @@ defmodule Pleroma.Web.CommonAPI do - alias Pleroma.{Repo, Activity, Object} + alias Pleroma.{User, Repo, Activity, Object} alias Pleroma.Web.ActivityPub.ActivityPub alias Pleroma.Formatter @@ -118,6 +118,18 @@ defmodule Pleroma.Web.CommonAPI do end def update(user) do + user = + with emoji <- emoji_from_profile(user), + source_data <- (user.info["source_data"] || %{}) |> Map.put("tag", emoji), + new_info <- Map.put(user.info, "source_data", source_data), + change <- User.info_changeset(user, %{info: new_info}), + {:ok, user} <- User.update_and_set_cache(change) do + user + else + _e -> + user + end + ActivityPub.update(%{ local: true, to: [user.follower_address], diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex index 30089f553..f6960bf41 100644 --- a/lib/pleroma/web/common_api/utils.ex +++ b/lib/pleroma/web/common_api/utils.ex @@ -1,6 +1,7 @@ defmodule Pleroma.Web.CommonAPI.Utils do alias Pleroma.{Repo, Object, Formatter, Activity} alias Pleroma.Web.ActivityPub.Utils + alias Pleroma.Web.Endpoint alias Pleroma.User alias Calendar.Strftime alias Comeonin.Pbkdf2 @@ -196,4 +197,15 @@ defmodule Pleroma.Web.CommonAPI.Utils do _ -> {:error, "Invalid password."} end end + + def emoji_from_profile(%{info: info} = user) do + (Formatter.get_emoji(user.bio) ++ Formatter.get_emoji(user.name)) + |> Enum.map(fn {shortcode, url} -> + %{ + "type" => "Emoji", + "icon" => %{"url" => "#{Endpoint.url()}#{url}"}, + "name" => ":#{shortcode}:" + } + end) + end end -- cgit v1.2.3 From 1ed1ff17a4281cdbd7743e12759143dcb6534db7 Mon Sep 17 00:00:00 2001 From: eal Date: Mon, 13 Aug 2018 16:11:48 +0300 Subject: ActivityPub user view: include tag if present. --- lib/pleroma/web/activity_pub/views/user_view.ex | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/views/user_view.ex b/lib/pleroma/web/activity_pub/views/user_view.ex index 41bfe5048..fdb2b8ea9 100644 --- a/lib/pleroma/web/activity_pub/views/user_view.ex +++ b/lib/pleroma/web/activity_pub/views/user_view.ex @@ -42,7 +42,8 @@ defmodule Pleroma.Web.ActivityPub.UserView do "image" => %{ "type" => "Image", "url" => User.banner_url(user) - } + }, + "tag" => user.info["source_data"]["tag"] || [] } |> Map.merge(Utils.make_json_ld_header()) end -- cgit v1.2.3 From 92caa2632ba559961ebceccc9c0b44fbb8af05ed Mon Sep 17 00:00:00 2001 From: eal Date: Mon, 13 Aug 2018 16:21:18 +0300 Subject: Use Image type for emoji icons. --- lib/pleroma/web/common_api/utils.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex index f6960bf41..7bab0e4ff 100644 --- a/lib/pleroma/web/common_api/utils.ex +++ b/lib/pleroma/web/common_api/utils.ex @@ -203,7 +203,7 @@ defmodule Pleroma.Web.CommonAPI.Utils do |> Enum.map(fn {shortcode, url} -> %{ "type" => "Emoji", - "icon" => %{"url" => "#{Endpoint.url()}#{url}"}, + "icon" => %{"type" => "Image", "url" => "#{Endpoint.url()}#{url}"}, "name" => ":#{shortcode}:" } end) -- cgit v1.2.3 From 9b046d2a8481c50e244071be1192830e0bbd08bc Mon Sep 17 00:00:00 2001 From: Henry Jameson Date: Wed, 22 Aug 2018 16:10:59 +0300 Subject: fixed notifications API completely breaking if there's a like for missing (deleted) post. --- lib/pleroma/web/twitter_api/views/activity_view.ex | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/twitter_api/views/activity_view.ex b/lib/pleroma/web/twitter_api/views/activity_view.ex index 55b5287f5..0efc0df2e 100644 --- a/lib/pleroma/web/twitter_api/views/activity_view.ex +++ b/lib/pleroma/web/twitter_api/views/activity_view.ex @@ -188,7 +188,7 @@ defmodule Pleroma.Web.TwitterAPI.ActivityView do text = "#{user.nickname} favorited a status." - %{ + if liked_activity, do: %{ "id" => activity.id, "user" => UserView.render("show.json", %{user: user, for: opts[:for]}), "statusnet_html" => text, @@ -200,7 +200,7 @@ defmodule Pleroma.Web.TwitterAPI.ActivityView do "in_reply_to_status_id" => liked_activity.id, "external_url" => activity.data["id"], "activity_type" => "like" - } + }, else: %{} end def render( -- cgit v1.2.3 From bf9f68b68142453ee0a30829134285dff11af039 Mon Sep 17 00:00:00 2001 From: hakabahitoyo Date: Thu, 23 Aug 2018 11:52:18 +0900 Subject: debug --- lib/pleroma/web/mastodon_api/mastodon_api_controller.ex | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index e89cd63a2..f482de6fd 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -1116,7 +1116,14 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do data2 = Enum.slice(data, 0, 40) |> Enum.map(fn x -> - Map.put(x, "id", User.get_or_fetch(x["acct"]).id) + Map.put( + x, + "id", + case User.get_or_fetch(x["acct"]) do + %{id: id} -> id + _ -> 0 + end + ) end) conn -- cgit v1.2.3 From 09cb40220336f464e63ad4f56370c284028ccc94 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Fri, 24 Aug 2018 18:03:41 +0000 Subject: fe config: add collapse_message_with_subject fe option --- lib/pleroma/web/twitter_api/controllers/util_controller.ex | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/twitter_api/controllers/util_controller.ex b/lib/pleroma/web/twitter_api/controllers/util_controller.ex index 24ebdf007..7dbac620e 100644 --- a/lib/pleroma/web/twitter_api/controllers/util_controller.ex +++ b/lib/pleroma/web/twitter_api/controllers/util_controller.ex @@ -175,7 +175,9 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do showWhoToFollowPanel: Keyword.get(@instance_fe, :show_who_to_follow_panel), scopeOptionsEnabled: Keyword.get(@instance_fe, :scope_options_enabled), whoToFollowProvider: Keyword.get(@instance_fe, :who_to_follow_provider), - whoToFollowLink: Keyword.get(@instance_fe, :who_to_follow_link) + whoToFollowLink: Keyword.get(@instance_fe, :who_to_follow_link), + collapseMessageWithSubject: + Keyword.get(@instance_fe, :collapse_message_with_subject) } } }) -- cgit v1.2.3 From 3e10d13909d3801d26b5cbf86a376e2ed370e2cc Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Fri, 24 Aug 2018 18:18:48 +0000 Subject: formatter: adjust regexp captures to match local users with single character nicknames (closes #163) --- lib/pleroma/formatter.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/formatter.ex b/lib/pleroma/formatter.ex index 3e71a3b5f..cf2944c38 100644 --- a/lib/pleroma/formatter.ex +++ b/lib/pleroma/formatter.ex @@ -16,7 +16,7 @@ defmodule Pleroma.Formatter do def parse_mentions(text) do # Modified from https://www.w3.org/TR/html5/forms.html#valid-e-mail-address regex = - ~r/@[a-zA-Z0-9.!#$%&'*+\/=?^_`{|}~-]+@?[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*/u + ~r/@[a-zA-Z0-9.!#$%&'*+\/=?^_`{|}~-]*@?[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*/u Regex.scan(regex, text) |> List.flatten() -- cgit v1.2.3 From 290798b8215c2f61ad6e6ccb5463ce599486f2a5 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Fri, 24 Aug 2018 20:01:13 +0000 Subject: http: fix TLS server name indication by default, hackney only sent TLS server name indication if TLS was locked to TLS 1.2. since there are many instances out there not speaking TLS 1.2, it is not acceptable to lock SNI to TLS 1.2. closes #261 --- lib/pleroma/http/http.ex | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/http/http.ex b/lib/pleroma/http/http.ex index 84f34eb4a..c19bccf60 100644 --- a/lib/pleroma/http/http.ex +++ b/lib/pleroma/http/http.ex @@ -1,5 +1,23 @@ defmodule Pleroma.HTTP do - use HTTPoison.Base + require HTTPoison + + def request(method, url, body \\ "", headers \\ [], options \\ []) do + options = + process_request_options(options) + |> process_sni_options(url) + + HTTPoison.request(method, url, body, headers, options) + end + + defp process_sni_options(options, url) do + uri = URI.parse(url) + host = uri.host |> to_charlist() + + case uri.scheme do + "https" -> options ++ [ssl: [server_name_indication: host]] + _ -> options + end + end def process_request_options(options) do config = Application.get_env(:pleroma, :http, []) @@ -10,4 +28,9 @@ defmodule Pleroma.HTTP do _ -> options ++ [proxy: proxy] end end + + def get(url, headers \\ [], options \\ []), do: request(:get, url, "", headers, options) + + def post(url, body, headers \\ [], options \\ []), + do: request(:post, url, body, headers, options) end -- cgit v1.2.3 From aab2bdddf4456c99d5d5042183c1225f7e771f56 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sat, 25 Aug 2018 00:03:25 +0000 Subject: twitter api: provide object descriptions as attachment description field --- lib/pleroma/web/twitter_api/representers/object_representer.ex | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/twitter_api/representers/object_representer.ex b/lib/pleroma/web/twitter_api/representers/object_representer.ex index 60e30191f..6aa794a59 100644 --- a/lib/pleroma/web/twitter_api/representers/object_representer.ex +++ b/lib/pleroma/web/twitter_api/representers/object_representer.ex @@ -9,7 +9,8 @@ defmodule Pleroma.Web.TwitterAPI.Representers.ObjectRepresenter do url: url["href"] |> Pleroma.Web.MediaProxy.url(), mimetype: url["mediaType"] || url["mimeType"], id: data["uuid"], - oembed: false + oembed: false, + description: data["name"] } end @@ -18,7 +19,8 @@ defmodule Pleroma.Web.TwitterAPI.Representers.ObjectRepresenter do url: url |> Pleroma.Web.MediaProxy.url(), mimetype: data["mediaType"] || url["mimeType"], id: data["uuid"], - oembed: false + oembed: false, + description: data["name"] } end -- cgit v1.2.3 From 540cce5d1075fc3033254e5d8bf7d138485ed7bb Mon Sep 17 00:00:00 2001 From: Ekaterina Vaartis Date: Sat, 25 Aug 2018 21:22:34 +0300 Subject: When logging in, try treating the login as an email Closes #245 --- lib/pleroma/web/router.ex | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 2dadf974c..913152c5a 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -8,8 +8,16 @@ defmodule Pleroma.Web.Router do @public Keyword.get(@instance, :public) @registrations_open Keyword.get(@instance, :registrations_open) - def user_fetcher(username) do - {:ok, Repo.get_by(User, %{nickname: username})} + def user_fetcher(username_or_email) do + { + :ok, + cond do + # First, try logging in as if it was a name + user = Repo.get_by(User, %{nickname: username_or_email}) -> user + # If we get nil, we try using it as an email + user = Repo.get_by(User, %{email: username_or_email}) -> user + end + } end pipeline :api do -- cgit v1.2.3 From 946a0769c4cc84f27bca5d5f79413f4cc9fef39b Mon Sep 17 00:00:00 2001 From: hakabahitoyo Date: Sun, 26 Aug 2018 17:40:15 +0900 Subject: remove unused settings from /api/statusnet/config --- lib/pleroma/web/twitter_api/controllers/util_controller.ex | 3 --- 1 file changed, 3 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/twitter_api/controllers/util_controller.ex b/lib/pleroma/web/twitter_api/controllers/util_controller.ex index 7dbac620e..d1ecebf61 100644 --- a/lib/pleroma/web/twitter_api/controllers/util_controller.ex +++ b/lib/pleroma/web/twitter_api/controllers/util_controller.ex @@ -172,10 +172,7 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do redirectRootLogin: Keyword.get(@instance_fe, :redirect_root_login), chatDisabled: !Keyword.get(@instance_chat, :enabled), showInstanceSpecificPanel: Keyword.get(@instance_fe, :show_instance_panel), - showWhoToFollowPanel: Keyword.get(@instance_fe, :show_who_to_follow_panel), scopeOptionsEnabled: Keyword.get(@instance_fe, :scope_options_enabled), - whoToFollowProvider: Keyword.get(@instance_fe, :who_to_follow_provider), - whoToFollowLink: Keyword.get(@instance_fe, :who_to_follow_link), collapseMessageWithSubject: Keyword.get(@instance_fe, :collapse_message_with_subject) } -- cgit v1.2.3 From 741c6ad671e45ea101046a34a802f94c9d21e8bf Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 26 Aug 2018 22:37:36 +0000 Subject: common api: handle replying to orphaned threads --- lib/pleroma/web/common_api/common_api.ex | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/common_api/common_api.ex b/lib/pleroma/web/common_api/common_api.ex index 3f18a68e8..475c180a1 100644 --- a/lib/pleroma/web/common_api/common_api.ex +++ b/lib/pleroma/web/common_api/common_api.ex @@ -61,8 +61,13 @@ defmodule Pleroma.Web.CommonAPI do do: visibility def get_visibility(%{"in_reply_to_status_id" => status_id}) when not is_nil(status_id) do - inReplyTo = get_replied_to_activity(status_id) - Pleroma.Web.MastodonAPI.StatusView.get_visibility(inReplyTo.data["object"]) + case get_replied_to_activity(status_id) do + nil -> + "public" + + inReplyTo -> + Pleroma.Web.MastodonAPI.StatusView.get_visibility(inReplyTo.data["object"]) + end end def get_visibility(_), do: "public" -- cgit v1.2.3 From bc3c30430e564a510c80694ef30091942520d1e8 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 26 Aug 2018 22:46:25 +0000 Subject: fix formatting --- lib/pleroma/web/router.ex | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 913152c5a..68e159f6a 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -13,9 +13,12 @@ defmodule Pleroma.Web.Router do :ok, cond do # First, try logging in as if it was a name - user = Repo.get_by(User, %{nickname: username_or_email}) -> user + user = Repo.get_by(User, %{nickname: username_or_email}) -> + user + # If we get nil, we try using it as an email - user = Repo.get_by(User, %{email: username_or_email}) -> user + user = Repo.get_by(User, %{email: username_or_email}) -> + user end } end -- cgit v1.2.3 From 1089d3658e30dc9beabd3d6985712ab3837fe41a Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 6 Aug 2018 11:20:41 +0000 Subject: user: fix up notification last calculation [NOT related to upstream] --- lib/pleroma/user.ex | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 88293a4f3..6f8e39f74 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -467,10 +467,15 @@ defmodule Pleroma.User do def get_notified_from_activity(%Activity{recipients: to, data: %{"type" => "Announce"} = data}) do object = Object.normalize(data["object"]) + actor = User.get_cached_by_ap_id(data["actor"]) # ensure that the actor who published the announced object appears only once to = - (to ++ [object.data["actor"]]) + if actor.nickname != nil do + (to ++ [object.data["actor"]]) + else + to + end |> Enum.uniq() query = get_notified_from_activity_query(to) -- cgit v1.2.3 From 5dd6542db5a396b6ae056218c811d2a860612e4f Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Tue, 14 Aug 2018 17:07:10 +0000 Subject: formatting --- lib/pleroma/user.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 6f8e39f74..fca490cb1 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -472,7 +472,7 @@ defmodule Pleroma.User do # ensure that the actor who published the announced object appears only once to = if actor.nickname != nil do - (to ++ [object.data["actor"]]) + to ++ [object.data["actor"]] else to end -- cgit v1.2.3 From 83efaa3af6470485c5b47959ea94f7089971e205 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Tue, 7 Aug 2018 22:45:40 +0200 Subject: [MastodonAPI] Add streaming of hashtags --- lib/pleroma/web/activity_pub/activity_pub.ex | 3 +++ lib/pleroma/web/mastodon_api/mastodon_socket.ex | 6 ++++-- 2 files changed, 7 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 68b398786..749ffbcd4 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -84,6 +84,9 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do Pleroma.Web.Streamer.stream("public:local", activity) end + activity.data["object"]["tag"] + |> Enum.map(fn tag -> Pleroma.Web.Streamer.stream("hashtag:" <> tag, activity) end) + if activity.data["object"]["attachment"] != [] do Pleroma.Web.Streamer.stream("public:media", activity) diff --git a/lib/pleroma/web/mastodon_api/mastodon_socket.ex b/lib/pleroma/web/mastodon_api/mastodon_socket.ex index 174293906..bc628ba56 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_socket.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_socket.ex @@ -23,16 +23,18 @@ defmodule Pleroma.Web.MastodonAPI.MastodonSocket do "public:local:media", "user", "direct", - "list" + "list", + "hashtag" ] <- params["stream"] do topic = if stream == "list", do: "list:#{params["list"]}", else: stream + socket_stream = if stream == "hashtag", do: "hashtag:#{params["tag"]}", else: stream socket = socket |> assign(:topic, topic) |> assign(:user, user) - Pleroma.Web.Streamer.add_socket(params["stream"], socket) + Pleroma.Web.Streamer.add_socket(socket_stream, socket) {:ok, socket} else _e -> :error -- cgit v1.2.3 From 97e20d293266689d57c23abc7ae12ee05996517a Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Tue, 7 Aug 2018 23:49:35 +0200 Subject: =?UTF-8?q?[MastodonAPI]=20the=20tag=20field=20isn=E2=80=99t=20fix?= =?UTF-8?q?ed=20to=20a=20static=20type=20in=20pleroma?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lib/pleroma/web/activity_pub/activity_pub.ex | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 749ffbcd4..ed2240530 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -84,7 +84,9 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do Pleroma.Web.Streamer.stream("public:local", activity) end - activity.data["object"]["tag"] + activity.data["object"] + |> Map.get("tag", []) + |> Enum.filter(fn tag -> is_bitstring(tag) end) |> Enum.map(fn tag -> Pleroma.Web.Streamer.stream("hashtag:" <> tag, activity) end) if activity.data["object"]["attachment"] != [] do -- cgit v1.2.3 From d008f2d69c96616f8d665851994414d1b42f8761 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Fri, 10 Aug 2018 01:44:38 +0200 Subject: [Pleroma.Web.MastodonAPI.AccountView]: Add bot field --- lib/pleroma/web/mastodon_api/views/account_view.ex | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/views/account_view.ex b/lib/pleroma/web/mastodon_api/views/account_view.ex index d9edcae7f..9dd635a63 100644 --- a/lib/pleroma/web/mastodon_api/views/account_view.ex +++ b/lib/pleroma/web/mastodon_api/views/account_view.ex @@ -13,6 +13,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do image = User.avatar_url(user) |> MediaProxy.url() header = User.banner_url(user) |> MediaProxy.url() user_info = User.user_info(user) + bot = (user.info["source_data"]["type"] || "Person") in ["Application", "Service"] emojis = (user.info["source_data"]["tag"] || []) @@ -44,6 +45,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do header_static: header, emojis: emojis, fields: [], + bot: bot, source: %{ note: "", privacy: "public", -- cgit v1.2.3 From a5adb251ab101e7ad1084a772b66b049998c72a5 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Fri, 10 Aug 2018 02:41:01 +0200 Subject: [Pleroma.Web.MastodonAPI.AccountView]: Add fields support --- lib/pleroma/web/mastodon_api/views/account_view.ex | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/views/account_view.ex b/lib/pleroma/web/mastodon_api/views/account_view.ex index 9dd635a63..634985fb6 100644 --- a/lib/pleroma/web/mastodon_api/views/account_view.ex +++ b/lib/pleroma/web/mastodon_api/views/account_view.ex @@ -27,6 +27,11 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do } end) + fields = + (user.info["source_data"]["attachment"] || []) + |> Enum.filter(fn %{"type" => t} -> t == "PropertyValue" end) + |> Enum.map(fn fields -> Map.take(fields, ["name", "value"]) end) + %{ id: to_string(user.id), username: hd(String.split(user.nickname, "@")), @@ -44,7 +49,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do header: header, header_static: header, emojis: emojis, - fields: [], + fields: fields, bot: bot, source: %{ note: "", -- cgit v1.2.3 From 6e030129fb33926e6a5bd75c27af6f657f9da2a5 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Tue, 14 Aug 2018 04:27:28 +0200 Subject: [MastodonAPI] Add filters --- lib/pleroma/filter.ex | 62 ++++++++++++++++++++++ .../web/mastodon_api/mastodon_api_controller.ex | 61 ++++++++++++++++++++- lib/pleroma/web/mastodon_api/views/filter_view.ex | 20 +++++++ lib/pleroma/web/router.ex | 6 +++ 4 files changed, 148 insertions(+), 1 deletion(-) create mode 100644 lib/pleroma/filter.ex create mode 100644 lib/pleroma/web/mastodon_api/views/filter_view.ex (limited to 'lib') diff --git a/lib/pleroma/filter.ex b/lib/pleroma/filter.ex new file mode 100644 index 000000000..fe904df3a --- /dev/null +++ b/lib/pleroma/filter.ex @@ -0,0 +1,62 @@ +defmodule Pleroma.Filter do + use Ecto.Schema + import Ecto.{Changeset, Query} + alias Pleroma.{User, Repo, Activity} + + schema "filters" do + belongs_to(:user, Pleroma.User) + field(:filter_id, :integer) + field(:hide, :boolean, default: false) + field(:whole_word, :boolean, default: true) + field(:phrase, :string) + field(:context, {:array, :string}) + field(:expires_at, :utc_datetime) + + timestamps() + end + + def get(id, %{id: user_id} = _user) do + query = + from( + f in Pleroma.Filter, + where: f.filter_id == ^id, + where: f.user_id == ^user_id + ) + + Repo.one(query) + end + + def get_filters(%Pleroma.User{id: user_id} = user) do + query = + from( + f in Pleroma.Filter, + where: f.user_id == ^user_id + ) + + Repo.all(query) + end + + def create(%Pleroma.Filter{} = filter) do + Repo.insert(filter) + end + + def delete(%Pleroma.Filter{id: filter_key} = filter) when is_number(filter_key) do + Repo.delete(filter) + end + + def delete(%Pleroma.Filter{id: filter_key} = filter) when is_nil(filter_key) do + %Pleroma.Filter{id: id} = get(filter.filter_id, %{id: filter.user_id}) + + filter + |> Map.put(:id, id) + |> Repo.delete() + end + + def update(%Pleroma.Filter{} = filter) do + destination = Map.from_struct(filter) + + Pleroma.Filter.get(filter.filter_id, %{id: filter.user_id}) + |> cast(destination, [:phrase, :context, :hide, :expires_at, :whole_word]) + |> Repo.update() + end +end diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index f482de6fd..649ee033e 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -2,7 +2,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do use Pleroma.Web, :controller alias Pleroma.{Repo, Object, Activity, User, Notification, Stats} alias Pleroma.Web - alias Pleroma.Web.MastodonAPI.{StatusView, AccountView, MastodonView, ListView} + alias Pleroma.Web.MastodonAPI.{StatusView, AccountView, MastodonView, ListView, FilterView} alias Pleroma.Web.ActivityPub.ActivityPub alias Pleroma.Web.ActivityPub.Utils alias Pleroma.Web.CommonAPI @@ -1089,6 +1089,65 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end end + def get_filters(%{assigns: %{user: user}} = conn, params) do + filters = Pleroma.Filter.get_filters(user) + res = FilterView.render("filters.json", filters: filters) + json(conn, res) + end + + def create_filter( + %{assigns: %{user: user}} = conn, + %{"phrase" => phrase, "context" => context} = params + ) do + query = %Pleroma.Filter{ + user_id: user.id, + phrase: phrase, + context: context, + hide: Map.get(params, "irreversible", nil), + whole_word: Map.get(params, "boolean", true) + # expires_at + } + + {:ok, response} = Pleroma.Filter.create(query) + res = FilterView.render("filter.json", filter: response) + json(conn, res) + end + + def get_filter(%{assigns: %{user: user}} = conn, %{"id" => filter_id} = params) do + filter = Pleroma.Filter.get(filter_id, user) + res = FilterView.render("filter.json", filter: filter) + json(conn, res) + end + + def update_filter( + %{assigns: %{user: user}} = conn, + %{"phrase" => phrase, "context" => context, "id" => filter_id} = params + ) do + query = %Pleroma.Filter{ + user_id: user.id, + filter_id: filter_id, + phrase: phrase, + context: context, + hide: Map.get(params, "irreversible", nil), + whole_word: Map.get(params, "boolean", true) + # expires_at + } + + {:ok, response} = Pleroma.Filter.update(query) + res = FilterView.render("filter.json", filter: response) + json(conn, res) + end + + def delete_filter(%{assigns: %{user: user}} = conn, %{"id" => filter_id} = params) do + query = %Pleroma.Filter{ + user_id: user.id, + filter_id: filter_id + } + + {:ok, response} = Pleroma.Filter.delete(query) + json(conn, %{}) + end + def errors(conn, _) do conn |> put_status(500) diff --git a/lib/pleroma/web/mastodon_api/views/filter_view.ex b/lib/pleroma/web/mastodon_api/views/filter_view.ex new file mode 100644 index 000000000..3f8c62f24 --- /dev/null +++ b/lib/pleroma/web/mastodon_api/views/filter_view.ex @@ -0,0 +1,20 @@ +defmodule Pleroma.Web.MastodonAPI.FilterView do + use Pleroma.Web, :view + alias Pleroma.Web.MastodonAPI.FilterView + alias Pleroma.Web.CommonAPI.Utils + + def render("filters.json", %{filters: filters} = opts) do + render_many(filters, FilterView, "filter.json", opts) + end + + def render("filter.json", %{filter: filter}) do + %{ + id: to_string(filter.filter_id), + phrase: filter.phrase, + context: filter.context, + expires_at: Utils.to_masto_date(filter.expires_at), + irreversible: filter.hide, + whole_word: false + } + end +end diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 927323794..b212a2909 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -154,6 +154,12 @@ defmodule Pleroma.Web.Router do post("/domain_blocks", MastodonAPIController, :block_domain) delete("/domain_blocks", MastodonAPIController, :unblock_domain) + get("/filters", MastodonAPIController, :get_filters) + post("/filters", MastodonAPIController, :create_filter) + get("/filters/:id", MastodonAPIController, :get_filter) + put("/filters/:id", MastodonAPIController, :update_filter) + delete("/filters/:id", MastodonAPIController, :delete_filter) + get("/suggestions", MastodonAPIController, :suggestions) end -- cgit v1.2.3 From d571a571fe969821923ea26c874c7cd77eec5465 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Fri, 10 Aug 2018 04:28:29 +0200 Subject: [Pleroma.Web.MastodonAPI.MastodonAPIController]: Bump mastodon_api_level to 2.4.3 --- lib/pleroma/web/mastodon_api/mastodon_api_controller.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index 649ee033e..b930b002e 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -124,7 +124,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end @instance Application.get_env(:pleroma, :instance) - @mastodon_api_level "2.3.3" + @mastodon_api_level "2.4.3" def masto_instance(conn, _params) do response = %{ -- cgit v1.2.3 From 9bddb39ff097d527ef71860a1d0498dc57f7cd06 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Tue, 21 Aug 2018 19:45:58 +0200 Subject: [Pleroma.Web.MastodonAPI.FilterView]: expires_at should be null when N/A --- lib/pleroma/web/mastodon_api/views/filter_view.ex | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/views/filter_view.ex b/lib/pleroma/web/mastodon_api/views/filter_view.ex index 3f8c62f24..e8401cc2d 100644 --- a/lib/pleroma/web/mastodon_api/views/filter_view.ex +++ b/lib/pleroma/web/mastodon_api/views/filter_view.ex @@ -8,11 +8,17 @@ defmodule Pleroma.Web.MastodonAPI.FilterView do end def render("filter.json", %{filter: filter}) do + if filter.expires_at do + expires_at = Utils.to_masto_date(filter.expires_at) + else + expires_at = nil + end + %{ id: to_string(filter.filter_id), phrase: filter.phrase, context: filter.context, - expires_at: Utils.to_masto_date(filter.expires_at), + expires_at: expires_at, irreversible: filter.hide, whole_word: false } -- cgit v1.2.3 From 6973b77e9462475361772907ddd690a960041b64 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Tue, 21 Aug 2018 20:35:14 +0200 Subject: [Pleroma.Web.MastodonAPI.FilterView] fix expires_at being a unsafe variable --- lib/pleroma/web/mastodon_api/views/filter_view.ex | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/views/filter_view.ex b/lib/pleroma/web/mastodon_api/views/filter_view.ex index e8401cc2d..6bd687d46 100644 --- a/lib/pleroma/web/mastodon_api/views/filter_view.ex +++ b/lib/pleroma/web/mastodon_api/views/filter_view.ex @@ -8,11 +8,12 @@ defmodule Pleroma.Web.MastodonAPI.FilterView do end def render("filter.json", %{filter: filter}) do - if filter.expires_at do - expires_at = Utils.to_masto_date(filter.expires_at) - else - expires_at = nil - end + expires_at = + if filter.expires_at do + Utils.to_masto_date(filter.expires_at) + else + nil + end %{ id: to_string(filter.filter_id), -- cgit v1.2.3 From 0f1c629d657f569058c36fb0f0c7855a261d5257 Mon Sep 17 00:00:00 2001 From: Henry Jameson Date: Mon, 27 Aug 2018 17:07:26 +0300 Subject: better solution, added test. --- lib/pleroma/web/twitter_api/views/activity_view.ex | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/twitter_api/views/activity_view.ex b/lib/pleroma/web/twitter_api/views/activity_view.ex index 0efc0df2e..909eefdd8 100644 --- a/lib/pleroma/web/twitter_api/views/activity_view.ex +++ b/lib/pleroma/web/twitter_api/views/activity_view.ex @@ -181,6 +181,7 @@ defmodule Pleroma.Web.TwitterAPI.ActivityView do def render("activity.json", %{activity: %{data: %{"type" => "Like"}} = activity} = opts) do user = get_user(activity.data["actor"], opts) liked_activity = Activity.get_create_activity_by_object_ap_id(activity.data["object"]) + liked_activity_id = if liked_activity, do: liked_activity.id, else: nil created_at = activity.data["published"] @@ -188,7 +189,7 @@ defmodule Pleroma.Web.TwitterAPI.ActivityView do text = "#{user.nickname} favorited a status." - if liked_activity, do: %{ + %{ "id" => activity.id, "user" => UserView.render("show.json", %{user: user, for: opts[:for]}), "statusnet_html" => text, @@ -197,10 +198,10 @@ defmodule Pleroma.Web.TwitterAPI.ActivityView do "is_post_verb" => false, "uri" => "tag:#{activity.data["id"]}:objectType=Favourite", "created_at" => created_at, - "in_reply_to_status_id" => liked_activity.id, + "in_reply_to_status_id" => liked_activity_id, "external_url" => activity.data["id"], "activity_type" => "like" - }, else: %{} + } end def render( -- cgit v1.2.3 From b9a642da1ec290386d04245eb17175866e40308c Mon Sep 17 00:00:00 2001 From: shibayashi Date: Tue, 28 Aug 2018 00:40:58 +0200 Subject: Add Secure and SameSite cookie flags --- lib/pleroma/web/endpoint.ex | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/endpoint.ex b/lib/pleroma/web/endpoint.ex index cbedca004..e81bc75b6 100644 --- a/lib/pleroma/web/endpoint.ex +++ b/lib/pleroma/web/endpoint.ex @@ -49,7 +49,9 @@ defmodule Pleroma.Web.Endpoint do Plug.Session, store: :cookie, key: "_pleroma_key", - signing_salt: "CqaoopA2" + signing_salt: "CqaoopA2", + secure: Application.get_env(:pleroma, Pleroma.Web.Endpoint) |> Keyword.get(:secure_cookie_flag), + extra: "SameSite=Lax" ) plug(Pleroma.Web.Router) -- cgit v1.2.3 From 0c4493f144dc4cbac6c4d090c9f5be67fa88599b Mon Sep 17 00:00:00 2001 From: shibayashi Date: Tue, 28 Aug 2018 00:47:34 +0200 Subject: Fix formatting --- lib/pleroma/web/endpoint.ex | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/endpoint.ex b/lib/pleroma/web/endpoint.ex index e81bc75b6..7bbb9480d 100644 --- a/lib/pleroma/web/endpoint.ex +++ b/lib/pleroma/web/endpoint.ex @@ -50,7 +50,8 @@ defmodule Pleroma.Web.Endpoint do store: :cookie, key: "_pleroma_key", signing_salt: "CqaoopA2", - secure: Application.get_env(:pleroma, Pleroma.Web.Endpoint) |> Keyword.get(:secure_cookie_flag), + secure: + Application.get_env(:pleroma, Pleroma.Web.Endpoint) |> Keyword.get(:secure_cookie_flag), extra: "SameSite=Lax" ) -- cgit v1.2.3 From e95d958b525cd0a448d38753099bbf7a4f30ba90 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 27 Aug 2018 23:30:53 +0000 Subject: sample config: show how amazon s3 support is activated, including third-party clones like wasabi --- lib/mix/tasks/sample_config.eex | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'lib') diff --git a/lib/mix/tasks/sample_config.eex b/lib/mix/tasks/sample_config.eex index 6db36fa09..cfb5ef4c0 100644 --- a/lib/mix/tasks/sample_config.eex +++ b/lib/mix/tasks/sample_config.eex @@ -24,3 +24,20 @@ config :pleroma, Pleroma.Repo, database: "pleroma_dev", hostname: "localhost", pool_size: 10 + +# Configure S3 support if desired: +# +# config :pleroma, Pleroma.Upload, +# use_s3: true, +# bucket: "some-bucket" +# +# Configure S3 credentials: +# config :ex_aws, :s3, +# access_key_id: "xxxxxxxxxxxxx", +# secret_access_key: "yyyyyyyyyyyy", +# region: "us-east-1", +# scheme: "https://", +# +# For using third-party S3 clones like wasabi, also do: +# config :ex_aws, :s3, +# host: "s3.wasabisys.com" -- cgit v1.2.3 From 86c007ddd2a059e1d98780872abe30f92a24fbbf Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 27 Aug 2018 23:36:30 +0000 Subject: upload: strip exif data before finalizing the file path --- lib/pleroma/upload.ex | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/upload.ex b/lib/pleroma/upload.ex index e0cb545b0..eaff8fbf3 100644 --- a/lib/pleroma/upload.ex +++ b/lib/pleroma/upload.ex @@ -9,6 +9,8 @@ defmodule Pleroma.Upload do upload_folder = get_upload_path(uuid, should_dedupe) url_path = get_url(name, uuid, should_dedupe) + strip_exif_data(content_type, file.path) + File.mkdir_p!(upload_folder) result_file = Path.join(upload_folder, name) @@ -18,8 +20,6 @@ defmodule Pleroma.Upload do File.cp!(file.path, result_file) end - strip_exif_data(content_type, result_file) - %{ "type" => "Document", "url" => [ -- cgit v1.2.3 From 03c35e579ba4804e176b9095186c2cdc0c244331 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Tue, 28 Aug 2018 00:18:24 +0000 Subject: sample config: add S3 public endpoint option --- lib/mix/tasks/sample_config.eex | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/mix/tasks/sample_config.eex b/lib/mix/tasks/sample_config.eex index cfb5ef4c0..2acf35ed9 100644 --- a/lib/mix/tasks/sample_config.eex +++ b/lib/mix/tasks/sample_config.eex @@ -25,18 +25,21 @@ config :pleroma, Pleroma.Repo, hostname: "localhost", pool_size: 10 -# Configure S3 support if desired: +# Configure S3 support if desired. +# The public S3 endpoint is different depending on region and provider, +# consult your S3 provider's documentation for details on what to use. # # config :pleroma, Pleroma.Upload, # use_s3: true, -# bucket: "some-bucket" +# bucket: "some-bucket", +# public_endpoint: "https://s3.amazonaws.com" # # Configure S3 credentials: # config :ex_aws, :s3, # access_key_id: "xxxxxxxxxxxxx", # secret_access_key: "yyyyyyyyyyyy", # region: "us-east-1", -# scheme: "https://", +# scheme: "https://" # # For using third-party S3 clones like wasabi, also do: # config :ex_aws, :s3, -- cgit v1.2.3 From 1596185ac62bb09db6e1739b9c24317a59bbbe43 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Tue, 28 Aug 2018 00:18:44 +0000 Subject: upload: add the S3 support itself --- lib/pleroma/upload.ex | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/upload.ex b/lib/pleroma/upload.ex index eaff8fbf3..6bed0e8ff 100644 --- a/lib/pleroma/upload.ex +++ b/lib/pleroma/upload.ex @@ -3,6 +3,9 @@ defmodule Pleroma.Upload do alias Pleroma.Web def store(%Plug.Upload{} = file, should_dedupe) do + settings = Application.get_env(:pleroma, Pleroma.Upload) + use_s3 = Keyword.fetch!(settings, :use_s3) + content_type = get_content_type(file.path) uuid = get_uuid(file, should_dedupe) name = get_name(file, uuid, content_type, should_dedupe) @@ -20,6 +23,13 @@ defmodule Pleroma.Upload do File.cp!(file.path, result_file) end + url_path = + if use_s3 do + put_s3_file(name, uuid, result_file, content_type) + else + url_path + end + %{ "type" => "Document", "url" => [ @@ -33,7 +43,11 @@ defmodule Pleroma.Upload do } end + # XXX: does this code actually work? i am skeptical. --kaniini def store(%{"img" => "data:image/" <> image_data}, should_dedupe) do + settings = Application.get_env(:pleroma, Pleroma.Upload) + use_s3 = Keyword.fetch!(settings, :use_s3) + parsed = Regex.named_captures(~r/(?jpeg|png|gif);base64,(?.*)/, image_data) data = Base.decode64!(parsed["data"], ignore: :whitespace) uuid = UUID.generate() @@ -71,6 +85,13 @@ defmodule Pleroma.Upload do strip_exif_data(content_type, result_file) + url_path = + if use_s3 do + put_s3_file(name, uuid, result_file, content_type) + else + url_path + end + %{ "type" => "Image", "url" => [ @@ -203,4 +224,24 @@ defmodule Pleroma.Upload do _e -> "application/octet-stream" end end + + defp put_s3_file(name, uuid, path, content_type) do + settings = Application.get_env(:pleroma, Pleroma.Upload) + bucket = Keyword.fetch!(settings, :bucket) + public_endpoint = Keyword.fetch!(settings, :public_endpoint) + + {:ok, file_data} = File.read(path) + + File.rm!(path) + + s3_name = "#{uuid}/#{name}" + + {:ok, result} = + ExAws.S3.put_object(bucket, s3_name, file_data, [ + {:acl, :public_read}, + {:content_type, content_type} + ]) |> ExAws.request() + + "#{public_endpoint}/#{bucket}/#{s3_name}" + end end -- cgit v1.2.3 From d22f66655b0693ebcf9291f7e443a7d7de2d28c6 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Tue, 28 Aug 2018 00:25:30 +0000 Subject: upload: formatting --- lib/pleroma/upload.ex | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/upload.ex b/lib/pleroma/upload.ex index 6bed0e8ff..a744e6fd4 100644 --- a/lib/pleroma/upload.ex +++ b/lib/pleroma/upload.ex @@ -240,7 +240,8 @@ defmodule Pleroma.Upload do ExAws.S3.put_object(bucket, s3_name, file_data, [ {:acl, :public_read}, {:content_type, content_type} - ]) |> ExAws.request() + ]) + |> ExAws.request() "#{public_endpoint}/#{bucket}/#{s3_name}" end -- cgit v1.2.3 From 709816a0f891d6c26c43b54577a3b727c1fe4af6 Mon Sep 17 00:00:00 2001 From: Thurloat Date: Mon, 27 Aug 2018 22:20:54 -0300 Subject: example of flexible storage backends --- lib/pleroma/upload.ex | 66 ++---------------------------------------- lib/pleroma/uploaders/local.ex | 44 ++++++++++++++++++++++++++++ lib/pleroma/uploaders/s3.ex | 24 +++++++++++++++ lib/pleroma/uploaders/swift.ex | 0 4 files changed, 70 insertions(+), 64 deletions(-) create mode 100644 lib/pleroma/uploaders/local.ex create mode 100644 lib/pleroma/uploaders/s3.ex create mode 100644 lib/pleroma/uploaders/swift.ex (limited to 'lib') diff --git a/lib/pleroma/upload.ex b/lib/pleroma/upload.ex index a744e6fd4..d7cc8122a 100644 --- a/lib/pleroma/upload.ex +++ b/lib/pleroma/upload.ex @@ -4,31 +4,15 @@ defmodule Pleroma.Upload do def store(%Plug.Upload{} = file, should_dedupe) do settings = Application.get_env(:pleroma, Pleroma.Upload) - use_s3 = Keyword.fetch!(settings, :use_s3) + storage_backend = Keyword.fetch!(settings, :storage_backend) content_type = get_content_type(file.path) uuid = get_uuid(file, should_dedupe) name = get_name(file, uuid, content_type, should_dedupe) - upload_folder = get_upload_path(uuid, should_dedupe) - url_path = get_url(name, uuid, should_dedupe) strip_exif_data(content_type, file.path) - File.mkdir_p!(upload_folder) - result_file = Path.join(upload_folder, name) - - if File.exists?(result_file) do - File.rm!(file.path) - else - File.cp!(file.path, result_file) - end - - url_path = - if use_s3 do - put_s3_file(name, uuid, result_file, content_type) - else - url_path - end + url_path = storage_backend.put_file(name, uuid, content_type) %{ "type" => "Document", @@ -115,11 +99,6 @@ defmodule Pleroma.Upload do end end - def upload_path do - settings = Application.get_env(:pleroma, Pleroma.Upload) - Keyword.fetch!(settings, :uploads) - end - defp create_name(uuid, ext, type) do case type do "application/octet-stream" -> @@ -163,26 +142,6 @@ defmodule Pleroma.Upload do end end - defp get_upload_path(uuid, should_dedupe) do - if should_dedupe do - upload_path() - else - Path.join(upload_path(), uuid) - end - end - - defp get_url(name, uuid, should_dedupe) do - if should_dedupe do - url_for(:cow_uri.urlencode(name)) - else - url_for(Path.join(uuid, :cow_uri.urlencode(name))) - end - end - - defp url_for(file) do - "#{Web.base_url()}/media/#{file}" - end - def get_content_type(file) do match = File.open(file, [:read], fn f -> @@ -224,25 +183,4 @@ defmodule Pleroma.Upload do _e -> "application/octet-stream" end end - - defp put_s3_file(name, uuid, path, content_type) do - settings = Application.get_env(:pleroma, Pleroma.Upload) - bucket = Keyword.fetch!(settings, :bucket) - public_endpoint = Keyword.fetch!(settings, :public_endpoint) - - {:ok, file_data} = File.read(path) - - File.rm!(path) - - s3_name = "#{uuid}/#{name}" - - {:ok, result} = - ExAws.S3.put_object(bucket, s3_name, file_data, [ - {:acl, :public_read}, - {:content_type, content_type} - ]) - |> ExAws.request() - - "#{public_endpoint}/#{bucket}/#{s3_name}" - end end diff --git a/lib/pleroma/uploaders/local.ex b/lib/pleroma/uploaders/local.ex new file mode 100644 index 000000000..7e5d7a59b --- /dev/null +++ b/lib/pleroma/uploaders/local.ex @@ -0,0 +1,44 @@ +defmodule Pleroma.Uploaders.Local do + def put_file(name, uuid, file, content_type) do + + upload_path = get_upload_path(uuid, should_dedupe) + url_path = get_url(name, uuid, should_dedupe) + + File.mkdir_p!(upload_folder) + + result_file = Path.join(upload_folder, name) + + if File.exists?(result_file) do + File.rm!(file.path) + else + File.cp!(file.path, result_file) + end + + url_path + end + + def upload_path do + settings = Application.get_env(:pleroma, Pleroma.Uploaders.Local) + Keyword.fetch!(settings, :uploads) + end + + defp get_upload_path(uuid, should_dedupe) do + if should_dedupe do + upload_path() + else + Path.join(upload_path(), uuid) + end + end + + defp get_url(name, uuid, should_dedupe) do + if should_dedupe do + url_for(:cow_uri.urlencode(name)) + else + url_for(Path.join(uuid, :cow_uri.urlencode(name))) + end + end + + defp url_for(file) do + "#{Web.base_url()}/media/#{file}" + end +end diff --git a/lib/pleroma/uploaders/s3.ex b/lib/pleroma/uploaders/s3.ex new file mode 100644 index 000000000..95f20be67 --- /dev/null +++ b/lib/pleroma/uploaders/s3.ex @@ -0,0 +1,24 @@ +defmodule Pleroma.Uploaders.S3 do + + def put_file(name, uuid, path, content_type) do + + settings = Application.get_env(:pleroma, Pleroma.Uploaders.S3) + bucket = Keyword.fetch!(settings, :bucket) + public_endpoint = Keyword.fetch!(settings, :public_endpoint) + + {:ok, file_data} = File.read(path) + + File.rm!(path) + + s3_name = "#{uuid}/#{name}" + + {:ok, result} = + ExAws.S3.put_object(bucket, s3_name, file_data, [ + {:acl, :public_read}, + {:content_type, content_type} + ]) + |> ExAws.request() + + "#{public_endpoint}/#{bucket}/#{s3_name}" + end +end diff --git a/lib/pleroma/uploaders/swift.ex b/lib/pleroma/uploaders/swift.ex new file mode 100644 index 000000000..e69de29bb -- cgit v1.2.3 From 0df558a6a5f5a5f64de57c91074981429da08764 Mon Sep 17 00:00:00 2001 From: Thurloat Date: Mon, 27 Aug 2018 22:45:53 -0300 Subject: cleaning up a bit. --- lib/pleroma/upload.ex | 6 +++--- lib/pleroma/uploaders/local.ex | 7 +++++-- lib/pleroma/uploaders/s3.ex | 4 ++-- lib/pleroma/web/endpoint.ex | 2 +- 4 files changed, 11 insertions(+), 8 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/upload.ex b/lib/pleroma/upload.ex index d7cc8122a..e3ad6757b 100644 --- a/lib/pleroma/upload.ex +++ b/lib/pleroma/upload.ex @@ -1,6 +1,5 @@ defmodule Pleroma.Upload do alias Ecto.UUID - alias Pleroma.Web def store(%Plug.Upload{} = file, should_dedupe) do settings = Application.get_env(:pleroma, Pleroma.Upload) @@ -26,7 +25,7 @@ defmodule Pleroma.Upload do "name" => name } end - + """ # XXX: does this code actually work? i am skeptical. --kaniini def store(%{"img" => "data:image/" <> image_data}, should_dedupe) do settings = Application.get_env(:pleroma, Pleroma.Upload) @@ -88,11 +87,12 @@ defmodule Pleroma.Upload do "name" => name } end + """ def strip_exif_data(content_type, file) do settings = Application.get_env(:pleroma, Pleroma.Upload) do_strip = Keyword.fetch!(settings, :strip_exif) - [filetype, ext] = String.split(content_type, "/") + [filetype, _ext] = String.split(content_type, "/") if filetype == "image" and do_strip == true do Mogrify.open(file) |> Mogrify.custom("strip") |> Mogrify.save(in_place: true) diff --git a/lib/pleroma/uploaders/local.ex b/lib/pleroma/uploaders/local.ex index 7e5d7a59b..1ba68776f 100644 --- a/lib/pleroma/uploaders/local.ex +++ b/lib/pleroma/uploaders/local.ex @@ -1,7 +1,10 @@ defmodule Pleroma.Uploaders.Local do - def put_file(name, uuid, file, content_type) do - upload_path = get_upload_path(uuid, should_dedupe) + alias Pleroma.Web + + def put_file(name, uuid, file, _content_type, should_dedupe) do + + upload_folder = get_upload_path(uuid, should_dedupe) url_path = get_url(name, uuid, should_dedupe) File.mkdir_p!(upload_folder) diff --git a/lib/pleroma/uploaders/s3.ex b/lib/pleroma/uploaders/s3.ex index 95f20be67..ea9e49cbf 100644 --- a/lib/pleroma/uploaders/s3.ex +++ b/lib/pleroma/uploaders/s3.ex @@ -1,6 +1,6 @@ defmodule Pleroma.Uploaders.S3 do - def put_file(name, uuid, path, content_type) do + def put_file(name, uuid, path, content_type, _should_dedupe) do settings = Application.get_env(:pleroma, Pleroma.Uploaders.S3) bucket = Keyword.fetch!(settings, :bucket) @@ -12,7 +12,7 @@ defmodule Pleroma.Uploaders.S3 do s3_name = "#{uuid}/#{name}" - {:ok, result} = + {:ok, _} = ExAws.S3.put_object(bucket, s3_name, file_data, [ {:acl, :public_read}, {:content_type, content_type} diff --git a/lib/pleroma/web/endpoint.ex b/lib/pleroma/web/endpoint.ex index cbedca004..1e5ac2721 100644 --- a/lib/pleroma/web/endpoint.ex +++ b/lib/pleroma/web/endpoint.ex @@ -11,7 +11,7 @@ defmodule Pleroma.Web.Endpoint do # # You should set gzip to true if you are running phoenix.digest # when deploying your static files in production. - plug(Plug.Static, at: "/media", from: Pleroma.Upload.upload_path(), gzip: false) + plug(Plug.Static, at: "/media", from: Pleroma.Uploaders.Local.upload_path(), gzip: false) plug( Plug.Static, -- cgit v1.2.3 From 6cbfb5ab5d6eacf2459f137c0b71a9a285c0b576 Mon Sep 17 00:00:00 2001 From: Hakaba Hitoyo Date: Tue, 28 Aug 2018 17:01:17 +0900 Subject: use media proxy for suggestions api --- lib/pleroma/web/mastodon_api/mastodon_api_controller.ex | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index f482de6fd..091bc62de 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -7,6 +7,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do alias Pleroma.Web.ActivityPub.Utils alias Pleroma.Web.CommonAPI alias Pleroma.Web.OAuth.{Authorization, Token, App} + alias Pleroma.Web.MediaProxy alias Comeonin.Pbkdf2 import Ecto.Query require Logger @@ -1125,6 +1126,12 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end ) end) + |> Enum.map(fn x -> + Map.put(x, "avatar", MediaProxy.url(x["avatar"])) + end) + |> Enum.map(fn x -> + Map.put(x, "avatar_static", MediaProxy.url(x["avatar_static"])) + end) conn |> json(data2) -- cgit v1.2.3 From 4656a07e9e394f451ea48646901ae61c7f0c9f86 Mon Sep 17 00:00:00 2001 From: shibayashi Date: Tue, 28 Aug 2018 14:03:29 +0200 Subject: Set SameSite flag to 'Strict' --- lib/pleroma/web/endpoint.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/endpoint.ex b/lib/pleroma/web/endpoint.ex index 7bbb9480d..17f6b9bb6 100644 --- a/lib/pleroma/web/endpoint.ex +++ b/lib/pleroma/web/endpoint.ex @@ -52,7 +52,7 @@ defmodule Pleroma.Web.Endpoint do signing_salt: "CqaoopA2", secure: Application.get_env(:pleroma, Pleroma.Web.Endpoint) |> Keyword.get(:secure_cookie_flag), - extra: "SameSite=Lax" + extra: "SameSite=Strict" ) plug(Pleroma.Web.Router) -- cgit v1.2.3 From 8d2d7a8859754ab4beffcc43a87218631b07f378 Mon Sep 17 00:00:00 2001 From: Thurloat Date: Tue, 28 Aug 2018 09:57:41 -0300 Subject: Implement uploader behaviour run formatter <# --- lib/pleroma/upload.ex | 9 +++++---- lib/pleroma/uploaders/local.ex | 2 +- lib/pleroma/uploaders/s3.ex | 2 +- lib/pleroma/uploaders/swift.ex | 1 + 4 files changed, 8 insertions(+), 6 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/upload.ex b/lib/pleroma/upload.ex index e3ad6757b..e786693ad 100644 --- a/lib/pleroma/upload.ex +++ b/lib/pleroma/upload.ex @@ -1,17 +1,17 @@ defmodule Pleroma.Upload do alias Ecto.UUID - def store(%Plug.Upload{} = file, should_dedupe) do - settings = Application.get_env(:pleroma, Pleroma.Upload) - storage_backend = Keyword.fetch!(settings, :storage_backend) + @storage_backend Application.get_env(:pleroma, Pleroma.Upload) + |> Keyword.fetch!(:uploader) + def store(%Plug.Upload{} = file, should_dedupe) do content_type = get_content_type(file.path) uuid = get_uuid(file, should_dedupe) name = get_name(file, uuid, content_type, should_dedupe) strip_exif_data(content_type, file.path) - url_path = storage_backend.put_file(name, uuid, content_type) + url_path = @storage_backend.put_file(name, uuid, file, content_type, should_dedupe) %{ "type" => "Document", @@ -25,6 +25,7 @@ defmodule Pleroma.Upload do "name" => name } end + """ # XXX: does this code actually work? i am skeptical. --kaniini def store(%{"img" => "data:image/" <> image_data}, should_dedupe) do diff --git a/lib/pleroma/uploaders/local.ex b/lib/pleroma/uploaders/local.ex index 1ba68776f..b089c8f14 100644 --- a/lib/pleroma/uploaders/local.ex +++ b/lib/pleroma/uploaders/local.ex @@ -1,9 +1,9 @@ defmodule Pleroma.Uploaders.Local do + @behaviour Pleroma.Uploaders.Uploader alias Pleroma.Web def put_file(name, uuid, file, _content_type, should_dedupe) do - upload_folder = get_upload_path(uuid, should_dedupe) url_path = get_url(name, uuid, should_dedupe) diff --git a/lib/pleroma/uploaders/s3.ex b/lib/pleroma/uploaders/s3.ex index ea9e49cbf..e18deb6b3 100644 --- a/lib/pleroma/uploaders/s3.ex +++ b/lib/pleroma/uploaders/s3.ex @@ -1,7 +1,7 @@ defmodule Pleroma.Uploaders.S3 do + @behaviour Pleroma.Uploaders.Uploader def put_file(name, uuid, path, content_type, _should_dedupe) do - settings = Application.get_env(:pleroma, Pleroma.Uploaders.S3) bucket = Keyword.fetch!(settings, :bucket) public_endpoint = Keyword.fetch!(settings, :public_endpoint) diff --git a/lib/pleroma/uploaders/swift.ex b/lib/pleroma/uploaders/swift.ex index e69de29bb..8b1378917 100644 --- a/lib/pleroma/uploaders/swift.ex +++ b/lib/pleroma/uploaders/swift.ex @@ -0,0 +1 @@ + -- cgit v1.2.3 From 18ad8aaecfae154deabab6f82da0c06dcf91d4c1 Mon Sep 17 00:00:00 2001 From: shibayashi Date: Tue, 28 Aug 2018 22:34:31 +0200 Subject: Explicitly set 'http_only' to true --- lib/pleroma/web/endpoint.ex | 1 + 1 file changed, 1 insertion(+) (limited to 'lib') diff --git a/lib/pleroma/web/endpoint.ex b/lib/pleroma/web/endpoint.ex index 17f6b9bb6..6e60c9017 100644 --- a/lib/pleroma/web/endpoint.ex +++ b/lib/pleroma/web/endpoint.ex @@ -50,6 +50,7 @@ defmodule Pleroma.Web.Endpoint do store: :cookie, key: "_pleroma_key", signing_salt: "CqaoopA2", + http_only: true, secure: Application.get_env(:pleroma, Pleroma.Web.Endpoint) |> Keyword.get(:secure_cookie_flag), extra: "SameSite=Strict" -- cgit v1.2.3 From dad39b24a1bca0341d5cf47cc4a32ea66219c654 Mon Sep 17 00:00:00 2001 From: Thurloat Date: Tue, 28 Aug 2018 19:48:03 -0300 Subject: add the behaviour, work on actually making it work. --- lib/pleroma/upload.ex | 50 +++++++++++++-------------------------- lib/pleroma/uploaders/local.ex | 6 ++--- lib/pleroma/uploaders/uploader.ex | 26 ++++++++++++++++++++ 3 files changed, 45 insertions(+), 37 deletions(-) create mode 100644 lib/pleroma/uploaders/uploader.ex (limited to 'lib') diff --git a/lib/pleroma/upload.ex b/lib/pleroma/upload.ex index e786693ad..16149d4dd 100644 --- a/lib/pleroma/upload.ex +++ b/lib/pleroma/upload.ex @@ -1,11 +1,13 @@ defmodule Pleroma.Upload do alias Ecto.UUID + import Logger @storage_backend Application.get_env(:pleroma, Pleroma.Upload) |> Keyword.fetch!(:uploader) def store(%Plug.Upload{} = file, should_dedupe) do content_type = get_content_type(file.path) + uuid = get_uuid(file, should_dedupe) name = get_name(file, uuid, content_type, should_dedupe) @@ -26,23 +28,21 @@ defmodule Pleroma.Upload do } end - """ # XXX: does this code actually work? i am skeptical. --kaniini def store(%{"img" => "data:image/" <> image_data}, should_dedupe) do - settings = Application.get_env(:pleroma, Pleroma.Upload) - use_s3 = Keyword.fetch!(settings, :use_s3) - parsed = Regex.named_captures(~r/(?jpeg|png|gif);base64,(?.*)/, image_data) data = Base.decode64!(parsed["data"], ignore: :whitespace) - uuid = UUID.generate() - uuidpath = Path.join(upload_path(), uuid) + + tmp_path = mkupload_for_image(data) + uuid = UUID.generate() - File.mkdir_p!(upload_path()) + # create temp local storage, like plug upload provides for us. - File.write!(uuidpath, data) + Logger.info(tmp_path) - content_type = get_content_type(uuidpath) + content_type = get_content_type(tmp_path) + strip_exif_data(content_type, tmp_path) name = create_name( @@ -51,30 +51,7 @@ defmodule Pleroma.Upload do content_type ) - upload_folder = get_upload_path(uuid, should_dedupe) - url_path = get_url(name, uuid, should_dedupe) - - File.mkdir_p!(upload_folder) - result_file = Path.join(upload_folder, name) - - if should_dedupe do - if !File.exists?(result_file) do - File.rename(uuidpath, result_file) - else - File.rm!(uuidpath) - end - else - File.rename(uuidpath, result_file) - end - - strip_exif_data(content_type, result_file) - - url_path = - if use_s3 do - put_s3_file(name, uuid, result_file, content_type) - else - url_path - end + url_path = @storage_backend.put_file(name, uuid, tmp_path, content_type, should_dedupe) %{ "type" => "Image", @@ -88,7 +65,12 @@ defmodule Pleroma.Upload do "name" => name } end - """ + + def mkupload_for_image(data) do + {:ok, tmp_path} = Plug.Upload.random_file("profile_pics") + :file.write_file(tmp_path, data, [:write, :raw, :exclusive, :binary]) + tmp_path + end def strip_exif_data(content_type, file) do settings = Application.get_env(:pleroma, Pleroma.Upload) diff --git a/lib/pleroma/uploaders/local.ex b/lib/pleroma/uploaders/local.ex index b089c8f14..39dca49c9 100644 --- a/lib/pleroma/uploaders/local.ex +++ b/lib/pleroma/uploaders/local.ex @@ -3,7 +3,7 @@ defmodule Pleroma.Uploaders.Local do alias Pleroma.Web - def put_file(name, uuid, file, _content_type, should_dedupe) do + def put_file(name, uuid, tmpfile, _content_type, should_dedupe) do upload_folder = get_upload_path(uuid, should_dedupe) url_path = get_url(name, uuid, should_dedupe) @@ -12,9 +12,9 @@ defmodule Pleroma.Uploaders.Local do result_file = Path.join(upload_folder, name) if File.exists?(result_file) do - File.rm!(file.path) + File.rm!(tmpfile) else - File.cp!(file.path, result_file) + File.cp!(tmpfile, result_file) end url_path diff --git a/lib/pleroma/uploaders/uploader.ex b/lib/pleroma/uploaders/uploader.ex new file mode 100644 index 000000000..7380320af --- /dev/null +++ b/lib/pleroma/uploaders/uploader.ex @@ -0,0 +1,26 @@ +defmodule Pleroma.Uploaders.Uploader do + @moduledoc """ + Defines the contract to put an uploaded file to any backend. + """ + + @doc """ + Put a file to the backend. + + Returns a `String.t` containing the path of the uploaded file. + """ + @callback put_file( + name :: String.t(), + uuid :: String.t(), + file :: File.t(), + content_type :: String.t(), + should_dedupe :: Boolean.t() + ) :: String.t() + + @callback put_file( + name :: String.t(), + uuid :: String.t(), + image_data :: String.t(), + content_type :: String.t(), + should_dedupe :: String.t() + ) :: String.t() +end -- cgit v1.2.3 From 9fc20ed5720bccb77289ce3d6eb9bc3a69ceeb8a Mon Sep 17 00:00:00 2001 From: Thurloat Date: Tue, 28 Aug 2018 20:04:26 -0300 Subject: works now, tested with profile photo upload on local backend. --- lib/pleroma/upload.ex | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/upload.ex b/lib/pleroma/upload.ex index 16149d4dd..b70758dc7 100644 --- a/lib/pleroma/upload.ex +++ b/lib/pleroma/upload.ex @@ -1,6 +1,5 @@ defmodule Pleroma.Upload do alias Ecto.UUID - import Logger @storage_backend Application.get_env(:pleroma, Pleroma.Upload) |> Keyword.fetch!(:uploader) @@ -28,19 +27,15 @@ defmodule Pleroma.Upload do } end - # XXX: does this code actually work? i am skeptical. --kaniini def store(%{"img" => "data:image/" <> image_data}, should_dedupe) do parsed = Regex.named_captures(~r/(?jpeg|png|gif);base64,(?.*)/, image_data) data = Base.decode64!(parsed["data"], ignore: :whitespace) - tmp_path = mkupload_for_image(data) + # create temp local storage, like plug upload provides. + tmp_path = tempfile_for_image(data) uuid = UUID.generate() - # create temp local storage, like plug upload provides for us. - - Logger.info(tmp_path) - content_type = get_content_type(tmp_path) strip_exif_data(content_type, tmp_path) @@ -66,9 +61,11 @@ defmodule Pleroma.Upload do } end - def mkupload_for_image(data) do + def tempfile_for_image(data) do {:ok, tmp_path} = Plug.Upload.random_file("profile_pics") - :file.write_file(tmp_path, data, [:write, :raw, :exclusive, :binary]) + {:ok, tmp_file} = File.open(tmp_path, [:write, :raw, :binary]) + IO.binwrite(tmp_file, data) + tmp_path end -- cgit v1.2.3 From 2ff25ac0ceb98f2ee1c803aeb8aecc112e335877 Mon Sep 17 00:00:00 2001 From: Thurloat Date: Tue, 28 Aug 2018 22:32:24 -0300 Subject: A hobbldey-working swift client. apparently, all elixir openstack libraries are trash luckily, the APIs are stupid easy. --- lib/pleroma/upload.ex | 2 +- lib/pleroma/uploaders/swift.ex | 1 - lib/pleroma/uploaders/swift/keystone.ex | 48 +++++++++++++++++++++++++++++++++ lib/pleroma/uploaders/swift/swift.ex | 30 +++++++++++++++++++++ lib/pleroma/uploaders/swift/uploader.ex | 15 +++++++++++ 5 files changed, 94 insertions(+), 2 deletions(-) delete mode 100644 lib/pleroma/uploaders/swift.ex create mode 100644 lib/pleroma/uploaders/swift/keystone.ex create mode 100644 lib/pleroma/uploaders/swift/swift.ex create mode 100644 lib/pleroma/uploaders/swift/uploader.ex (limited to 'lib') diff --git a/lib/pleroma/upload.ex b/lib/pleroma/upload.ex index b70758dc7..7d3b36287 100644 --- a/lib/pleroma/upload.ex +++ b/lib/pleroma/upload.ex @@ -12,7 +12,7 @@ defmodule Pleroma.Upload do strip_exif_data(content_type, file.path) - url_path = @storage_backend.put_file(name, uuid, file, content_type, should_dedupe) + url_path = @storage_backend.put_file(name, uuid, file.path, content_type, should_dedupe) %{ "type" => "Document", diff --git a/lib/pleroma/uploaders/swift.ex b/lib/pleroma/uploaders/swift.ex deleted file mode 100644 index 8b1378917..000000000 --- a/lib/pleroma/uploaders/swift.ex +++ /dev/null @@ -1 +0,0 @@ - diff --git a/lib/pleroma/uploaders/swift/keystone.ex b/lib/pleroma/uploaders/swift/keystone.ex new file mode 100644 index 000000000..a79214319 --- /dev/null +++ b/lib/pleroma/uploaders/swift/keystone.ex @@ -0,0 +1,48 @@ +defmodule Pleroma.Uploaders.Swift.Keystone do + use HTTPoison.Base + + @settings Application.get_env(:pleroma, Pleroma.Uploaders.Swift) + + def process_url(url) do + Enum.join( + [Keyword.fetch!(@settings, :auth_url), url], + "/" + ) + end + + def process_response_body(body) do + body + |> Poison.decode!() + end + + def get_token() do + username = Keyword.fetch!(@settings, :username) + password = Keyword.fetch!(@settings, :password) + tenant_id = Keyword.fetch!(@settings, :tenant_id) + + case post( + "/tokens", + make_auth_body(username, password, tenant_id), + ["Content-Type": "application/json"], + hackney: [:insecure] + ) do + {:ok, %HTTPoison.Response{status_code: 200, body: body}} -> + body["access"]["token"]["id"] + + {:ok, %HTTPoison.Response{status_code: _}} -> + "" + end + end + + def make_auth_body(username, password, tenant) do + Poison.encode!(%{ + :auth => %{ + :passwordCredentials => %{ + :username => username, + :password => password + }, + :tenantId => tenant + } + }) + end +end diff --git a/lib/pleroma/uploaders/swift/swift.ex b/lib/pleroma/uploaders/swift/swift.ex new file mode 100644 index 000000000..4f45255f1 --- /dev/null +++ b/lib/pleroma/uploaders/swift/swift.ex @@ -0,0 +1,30 @@ +defmodule Pleroma.Uploaders.Swift.Client do + use HTTPoison.Base + + @settings Application.get_env(:pleroma, Pleroma.Uploaders.Swift) + + def process_url(url) do + Enum.join( + [Keyword.fetch!(@settings, :storage_url), url], + "/" + ) + end + + def upload_file(filename, body, content_type) do + token = Pleroma.Uploaders.Swift.Keystone.get_token() + + case put("#{filename}", body, "X-Auth-Token": token, "Content-Type": content_type) do + {:ok, %HTTPoison.Response{status_code: 201}} -> + # lgtm + "" + + {:ok, %HTTPoison.Response{status_code: 401}} -> + # bad token + "" + + {:error, _} -> + # bad news + "" + end + end +end diff --git a/lib/pleroma/uploaders/swift/uploader.ex b/lib/pleroma/uploaders/swift/uploader.ex new file mode 100644 index 000000000..c71808c2d --- /dev/null +++ b/lib/pleroma/uploaders/swift/uploader.ex @@ -0,0 +1,15 @@ +defmodule Pleroma.Uploaders.Swift do + @behaviour Pleroma.Uploaders.Uploader + + @settings Application.get_env(:pleroma, Pleroma.Uploaders.Swift) + + def put_file(name, uuid, tmp_path, content_type, _should_dedupe) do + {:ok, file_data} = File.read(tmp_path) + remote_name = "#{uuid}/#{name}" + + Pleroma.Uploaders.Swift.Client.upload_file(remote_name, file_data, content_type) + + object_url = Keyword.fetch!(@settings, :object_url) + "#{object_url}/#{remote_name}" + end +end -- cgit v1.2.3 From ab9e5d64d6dc6911dadac7219d38f3749971f53c Mon Sep 17 00:00:00 2001 From: Thurloat Date: Tue, 28 Aug 2018 22:39:33 -0300 Subject: add a sample swift config --- lib/mix/tasks/sample_config.eex | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'lib') diff --git a/lib/mix/tasks/sample_config.eex b/lib/mix/tasks/sample_config.eex index 2acf35ed9..3b4953cda 100644 --- a/lib/mix/tasks/sample_config.eex +++ b/lib/mix/tasks/sample_config.eex @@ -44,3 +44,21 @@ config :pleroma, Pleroma.Repo, # For using third-party S3 clones like wasabi, also do: # config :ex_aws, :s3, # host: "s3.wasabisys.com" + + +# Configure Openstack Swift support if desired. +# +# Many openstack deployments are different, so config is left very open with +# no assumptions made on which provider you're using. This should allow very +# wide support without needing separate handlers for OVH, Rackspace, etc. +# +# config :pleroma, Pleroma.Uploaders.Swift, +# container: "some-container", +# username: "api-username-yyyy", +# password: "api-key-xxxx", +# tenant_id: "", +# auth_url: "https://keystone-endpoint.provider.com", +# storage_url: "https://swift-endpoint.prodider.com/v1/AUTH_/", +# object_url: "https://cdn-endpoint.provider.com/" +# + -- cgit v1.2.3 From d424e9fa5f3d0d1ff9e416f6bf548e0e8bb02361 Mon Sep 17 00:00:00 2001 From: Thurloat Date: Tue, 28 Aug 2018 23:49:23 -0300 Subject: fix S3 ref in sample config to generate proper path. --- lib/mix/tasks/sample_config.eex | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/mix/tasks/sample_config.eex b/lib/mix/tasks/sample_config.eex index 3b4953cda..3881ead26 100644 --- a/lib/mix/tasks/sample_config.eex +++ b/lib/mix/tasks/sample_config.eex @@ -29,8 +29,7 @@ config :pleroma, Pleroma.Repo, # The public S3 endpoint is different depending on region and provider, # consult your S3 provider's documentation for details on what to use. # -# config :pleroma, Pleroma.Upload, -# use_s3: true, +# config :pleroma, Pleroma.Uploaders.S3, # bucket: "some-bucket", # public_endpoint: "https://s3.amazonaws.com" # -- cgit v1.2.3 From 81673b81366ee1779802a9fec7f5119e664cd8ce Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Wed, 29 Aug 2018 08:37:36 +0000 Subject: activity: add recipients_to and recipients_cc fields --- lib/pleroma/activity.ex | 2 ++ lib/pleroma/web/activity_pub/activity_pub.ex | 21 ++++++++++++++++----- 2 files changed, 18 insertions(+), 5 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/activity.ex b/lib/pleroma/activity.ex index bed96861f..4f1f8292d 100644 --- a/lib/pleroma/activity.ex +++ b/lib/pleroma/activity.ex @@ -8,6 +8,8 @@ defmodule Pleroma.Activity do field(:local, :boolean, default: true) field(:actor, :string) field(:recipients, {:array, :string}) + field(:recipients_to, {:array, :string}) + field(:recipients_cc, {:array, :string}) has_many(:notifications, Notification, on_delete: :delete_all) timestamps() diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 68b398786..fdbd7fed0 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -14,8 +14,10 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do # For Announce activities, we filter the recipients based on following status for any actors # that match actual users. See issue #164 for more information about why this is necessary. - def get_recipients(%{"type" => "Announce"} = data) do - recipients = (data["to"] || []) ++ (data["cc"] || []) + defp get_recipients(%{"type" => "Announce"} = data) do + to = data["to"] || [] + cc = data["cc"] || [] + recipients = to ++ cc actor = User.get_cached_by_ap_id(data["actor"]) recipients @@ -28,10 +30,15 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do User.following?(user, actor) end end) + + {recipients, to, cc} end - def get_recipients(data) do - (data["to"] || []) ++ (data["cc"] || []) + defp get_recipients(data) do + to = data["to"] || [] + cc = data["cc"] || [] + recipients = to ++ cc + {recipients, to, cc} end defp check_actor_is_active(actor) do @@ -53,12 +60,16 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do :ok <- check_actor_is_active(map["actor"]), {:ok, map} <- MRF.filter(map), :ok <- insert_full_object(map) do + {recipients, recipients_to, recipients_cc} = get_recipients(map) + {:ok, activity} = Repo.insert(%Activity{ data: map, local: local, actor: map["actor"], - recipients: get_recipients(map) + recipients: recipients, + recipients_to: recipients_to, + recipients_cc: recipients_cc }) Notification.create_notifications(activity) -- cgit v1.2.3 From 643fae6e36881b8883e247df28568e9b54e1b086 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Wed, 29 Aug 2018 08:51:23 +0000 Subject: activitypub: allow querying the activity/object graph bounded to a specific to/cc set --- lib/pleroma/web/activity_pub/activity_pub.ex | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index fdbd7fed0..dad9c4865 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -410,6 +410,20 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do defp restrict_tag(query, _), do: query + defp restrict_to_cc(query, recipients_to, recipients_cc) do + from( + activity in query, + where: + fragment( + "(? && ?) or (? && ?)", + ^recipients_to, + activity.recipients_to, + ^recipients_cc, + activity.recipients_cc + ) + ) + end + defp restrict_recipients(query, [], _user), do: query defp restrict_recipients(query, recipients, nil) do @@ -551,6 +565,13 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do |> Enum.reverse() end + def fetch_activities_bounded(recipients_to, recipients_cc, opts \\ %{}) do + fetch_activities_query([], opts) + |> restrict_to_cc(recipients_to, recipients_cc) + |> Repo.all() + |> Enum.reverse() + end + def upload(file) do data = Upload.store(file, Application.get_env(:pleroma, :instance)[:dedupe_media]) Repo.insert(%Object{data: data}) -- cgit v1.2.3 From ded909120614e5b1fa1f9469c753a30b2d9b16ed Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Wed, 29 Aug 2018 08:51:51 +0000 Subject: mastodon api: use bounded AP object graph query to enforce containment of private statuses --- lib/pleroma/web/mastodon_api/mastodon_api_controller.ex | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index f482de6fd..c90f9fa05 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -850,9 +850,14 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do |> Map.put("type", "Create") |> Map.put("blocking_user", user) - # adding title is a hack to not make empty lists function like a public timeline + # we must filter the following list for the user to avoid leaking statuses the user + # does not actually have permission to see (for more info, peruse security issue #270). + following_to = + following + |> Enum.filter(fn x -> x in user.following end) + activities = - ActivityPub.fetch_activities([title | following], params) + ActivityPub.fetch_activities_bounded(following_to, following, params) |> Enum.reverse() conn -- cgit v1.2.3 From cce9d008f984475a8f9180ac4fcbef1d7cb8f88a Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Wed, 29 Aug 2018 09:23:05 +0000 Subject: streamer: contain list updates in the same way as we do with the database query --- lib/pleroma/web/streamer.ex | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/streamer.ex b/lib/pleroma/web/streamer.ex index c61bad830..6b6d40346 100644 --- a/lib/pleroma/web/streamer.ex +++ b/lib/pleroma/web/streamer.ex @@ -1,7 +1,8 @@ defmodule Pleroma.Web.Streamer do use GenServer require Logger - alias Pleroma.{User, Notification, Activity, Object} + alias Pleroma.{User, Notification, Activity, Object, Repo} + alias Pleroma.Web.ActivityPub.ActivityPub def init(args) do {:ok, args} @@ -60,8 +61,24 @@ defmodule Pleroma.Web.Streamer do end def handle_cast(%{action: :stream, topic: "list", item: item}, topics) do + author = User.get_cached_by_ap_id(item.data["actor"]) + + # filter the recipient list if the activity is not public, see #270. + recipient_lists = + case ActivityPub.is_public?(item) do + true -> + Pleroma.List.get_lists_from_activity(item) + + _ -> + Pleroma.List.get_lists_from_activity(item) + |> Enum.filter(fn list -> + owner = Repo.get(User, list.user_id) + author.follower_address in owner.following + end) + end + recipient_topics = - Pleroma.List.get_lists_from_activity(item) + recipient_lists |> Enum.map(fn %{id: id} -> "list:#{id}" end) Enum.each(recipient_topics || [], fn list_topic -> -- cgit v1.2.3 From ddc6f32b757c3d99cf1d1cf40c15d126f40145db Mon Sep 17 00:00:00 2001 From: href Date: Wed, 29 Aug 2018 16:26:36 +0200 Subject: Fix Mastodon API when actor's nickname is null --- lib/pleroma/web/mastodon_api/views/account_view.ex | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/views/account_view.ex b/lib/pleroma/web/mastodon_api/views/account_view.ex index d9edcae7f..133cae3b5 100644 --- a/lib/pleroma/web/mastodon_api/views/account_view.ex +++ b/lib/pleroma/web/mastodon_api/views/account_view.ex @@ -28,7 +28,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do %{ id: to_string(user.id), - username: hd(String.split(user.nickname, "@")), + username: username_from_nickname(user.nickname), acct: user.nickname, display_name: user.name || user.nickname, locked: user_info.locked, @@ -56,7 +56,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do %{ id: to_string(user.id), acct: user.nickname, - username: hd(String.split(user.nickname, "@")), + username: username_from_nickname(user.nickname), url: user.ap_id } end @@ -76,4 +76,10 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do def render("relationships.json", %{user: user, targets: targets}) do render_many(targets, AccountView, "relationship.json", user: user, as: :target) end + + defp username_from_nickname(string) when is_binary(string) do + hd(String.split(string, "@")) + end + + defp username_from_nickname(_), do: nil end -- cgit v1.2.3 From de9acebbf39ca397d9388b12b167b55110611fa6 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Wed, 29 Aug 2018 18:32:04 +0000 Subject: activitypub: use jsonb query for containment instead of recipients_to/recipients_cc. --- lib/pleroma/web/activity_pub/activity_pub.ex | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index dad9c4865..116dbcf1e 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -415,11 +415,11 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do activity in query, where: fragment( - "(? && ?) or (? && ?)", + "(?->'to' \\?| ?) or (?->'cc' \\?| ?)", + activity.data, ^recipients_to, - activity.recipients_to, - ^recipients_cc, - activity.recipients_cc + activity.data, + ^recipients_cc ) ) end -- cgit v1.2.3 From 29b5e30c465ccb29465156d66eba02e6c0ef846f Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Wed, 29 Aug 2018 18:38:30 +0000 Subject: activity: drop recipients_to/recipients_cc fields --- lib/pleroma/activity.ex | 2 -- lib/pleroma/web/activity_pub/activity_pub.ex | 6 ++---- 2 files changed, 2 insertions(+), 6 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/activity.ex b/lib/pleroma/activity.ex index 4f1f8292d..bed96861f 100644 --- a/lib/pleroma/activity.ex +++ b/lib/pleroma/activity.ex @@ -8,8 +8,6 @@ defmodule Pleroma.Activity do field(:local, :boolean, default: true) field(:actor, :string) field(:recipients, {:array, :string}) - field(:recipients_to, {:array, :string}) - field(:recipients_cc, {:array, :string}) has_many(:notifications, Notification, on_delete: :delete_all) timestamps() diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 116dbcf1e..e6c2dc9cf 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -60,16 +60,14 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do :ok <- check_actor_is_active(map["actor"]), {:ok, map} <- MRF.filter(map), :ok <- insert_full_object(map) do - {recipients, recipients_to, recipients_cc} = get_recipients(map) + {recipients, _, _} = get_recipients(map) {:ok, activity} = Repo.insert(%Activity{ data: map, local: local, actor: map["actor"], - recipients: recipients, - recipients_to: recipients_to, - recipients_cc: recipients_cc + recipients: recipients }) Notification.create_notifications(activity) -- cgit v1.2.3 From af01f0196a43454728f6e0ca8b9b8be208743251 Mon Sep 17 00:00:00 2001 From: Thurloat Date: Wed, 29 Aug 2018 22:07:28 -0300 Subject: Add backend failure handling with :ok | :error so the uploader can handle it. defaulting to :ok, since that's the currently level of error handling. --- lib/pleroma/upload.ex | 10 +++++++--- lib/pleroma/uploaders/local.ex | 2 +- lib/pleroma/uploaders/s3.ex | 2 +- lib/pleroma/uploaders/swift/swift.ex | 10 ++++------ lib/pleroma/uploaders/swift/uploader.ex | 5 ----- lib/pleroma/uploaders/uploader.ex | 10 +--------- 6 files changed, 14 insertions(+), 25 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/upload.ex b/lib/pleroma/upload.ex index 7d3b36287..f188a5f32 100644 --- a/lib/pleroma/upload.ex +++ b/lib/pleroma/upload.ex @@ -12,7 +12,8 @@ defmodule Pleroma.Upload do strip_exif_data(content_type, file.path) - url_path = @storage_backend.put_file(name, uuid, file.path, content_type, should_dedupe) + {:ok, url_path} = + @storage_backend.put_file(name, uuid, file.path, content_type, should_dedupe) %{ "type" => "Document", @@ -31,7 +32,6 @@ defmodule Pleroma.Upload do parsed = Regex.named_captures(~r/(?jpeg|png|gif);base64,(?.*)/, image_data) data = Base.decode64!(parsed["data"], ignore: :whitespace) - # create temp local storage, like plug upload provides. tmp_path = tempfile_for_image(data) uuid = UUID.generate() @@ -46,7 +46,7 @@ defmodule Pleroma.Upload do content_type ) - url_path = @storage_backend.put_file(name, uuid, tmp_path, content_type, should_dedupe) + {:ok, url_path} = @storage_backend.put_file(name, uuid, tmp_path, content_type, should_dedupe) %{ "type" => "Image", @@ -61,6 +61,10 @@ defmodule Pleroma.Upload do } end + @doc """ + Creates a tempfile using the Plug.Upload Genserver which cleans them up + automatically. + """ def tempfile_for_image(data) do {:ok, tmp_path} = Plug.Upload.random_file("profile_pics") {:ok, tmp_file} = File.open(tmp_path, [:write, :raw, :binary]) diff --git a/lib/pleroma/uploaders/local.ex b/lib/pleroma/uploaders/local.ex index 39dca49c9..d4624661f 100644 --- a/lib/pleroma/uploaders/local.ex +++ b/lib/pleroma/uploaders/local.ex @@ -17,7 +17,7 @@ defmodule Pleroma.Uploaders.Local do File.cp!(tmpfile, result_file) end - url_path + {:ok, url_path} end def upload_path do diff --git a/lib/pleroma/uploaders/s3.ex b/lib/pleroma/uploaders/s3.ex index e18deb6b3..ce0ed3e34 100644 --- a/lib/pleroma/uploaders/s3.ex +++ b/lib/pleroma/uploaders/s3.ex @@ -19,6 +19,6 @@ defmodule Pleroma.Uploaders.S3 do ]) |> ExAws.request() - "#{public_endpoint}/#{bucket}/#{s3_name}" + {:ok, "#{public_endpoint}/#{bucket}/#{s3_name}"} end end diff --git a/lib/pleroma/uploaders/swift/swift.ex b/lib/pleroma/uploaders/swift/swift.ex index 4f45255f1..819dfebda 100644 --- a/lib/pleroma/uploaders/swift/swift.ex +++ b/lib/pleroma/uploaders/swift/swift.ex @@ -11,20 +11,18 @@ defmodule Pleroma.Uploaders.Swift.Client do end def upload_file(filename, body, content_type) do + object_url = Keyword.fetch!(@settings, :object_url) token = Pleroma.Uploaders.Swift.Keystone.get_token() case put("#{filename}", body, "X-Auth-Token": token, "Content-Type": content_type) do {:ok, %HTTPoison.Response{status_code: 201}} -> - # lgtm - "" + {:ok, "#{object_url}/#{filename}"} {:ok, %HTTPoison.Response{status_code: 401}} -> - # bad token - "" + {:error, "Unauthorized, Bad Token"} {:error, _} -> - # bad news - "" + {:error, "Swift Upload Error"} end end end diff --git a/lib/pleroma/uploaders/swift/uploader.ex b/lib/pleroma/uploaders/swift/uploader.ex index c71808c2d..794f76cb0 100644 --- a/lib/pleroma/uploaders/swift/uploader.ex +++ b/lib/pleroma/uploaders/swift/uploader.ex @@ -1,15 +1,10 @@ defmodule Pleroma.Uploaders.Swift do @behaviour Pleroma.Uploaders.Uploader - @settings Application.get_env(:pleroma, Pleroma.Uploaders.Swift) - def put_file(name, uuid, tmp_path, content_type, _should_dedupe) do {:ok, file_data} = File.read(tmp_path) remote_name = "#{uuid}/#{name}" Pleroma.Uploaders.Swift.Client.upload_file(remote_name, file_data, content_type) - - object_url = Keyword.fetch!(@settings, :object_url) - "#{object_url}/#{remote_name}" end end diff --git a/lib/pleroma/uploaders/uploader.ex b/lib/pleroma/uploaders/uploader.ex index 7380320af..19bea77dc 100644 --- a/lib/pleroma/uploaders/uploader.ex +++ b/lib/pleroma/uploaders/uploader.ex @@ -14,13 +14,5 @@ defmodule Pleroma.Uploaders.Uploader do file :: File.t(), content_type :: String.t(), should_dedupe :: Boolean.t() - ) :: String.t() - - @callback put_file( - name :: String.t(), - uuid :: String.t(), - image_data :: String.t(), - content_type :: String.t(), - should_dedupe :: String.t() - ) :: String.t() + ) :: {:ok, String.t()} | {:error, String.t()} end -- cgit v1.2.3 From adffad55028a8c43a6f2fcf43376009a43c25cf7 Mon Sep 17 00:00:00 2001 From: Thurloat Date: Thu, 30 Aug 2018 09:20:29 -0300 Subject: increase uploader behaviour documentation accuracy. --- lib/pleroma/uploaders/uploader.ex | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/uploaders/uploader.ex b/lib/pleroma/uploaders/uploader.ex index 19bea77dc..b58fc6d71 100644 --- a/lib/pleroma/uploaders/uploader.ex +++ b/lib/pleroma/uploaders/uploader.ex @@ -6,7 +6,9 @@ defmodule Pleroma.Uploaders.Uploader do @doc """ Put a file to the backend. - Returns a `String.t` containing the path of the uploaded file. + Returns `{:ok, String.t } | {:error, String.t} containing the path of the + uploaded file, or error information if the file failed to be saved to the + respective backend. """ @callback put_file( name :: String.t(), -- cgit v1.2.3 From 6aa65b68b82c8ad7f6246dc5ccf1ac7673ce3e22 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Fri, 31 Aug 2018 03:13:59 +0000 Subject: common api: add support for formatting messages outside of twitter-style plain text --- lib/pleroma/formatter.ex | 6 +++- lib/pleroma/web/common_api/common_api.ex | 9 +++++- lib/pleroma/web/common_api/utils.ex | 34 +++++++++++++++++++--- .../web/twitter_api/twitter_api_controller.ex | 2 +- 4 files changed, 44 insertions(+), 7 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/formatter.ex b/lib/pleroma/formatter.ex index cf2944c38..93cd12fa6 100644 --- a/lib/pleroma/formatter.ex +++ b/lib/pleroma/formatter.ex @@ -188,7 +188,11 @@ defmodule Pleroma.Formatter do ] # TODO: make it use something other than @link_regex - def html_escape(text) do + def html_escape(text, "text/html") do + HtmlSanitizeEx.basic_html(text) + end + + def html_escape(text, "text/plain") do Regex.split(@link_regex, text, include_captures: true) |> Enum.map_every(2, fn chunk -> {:safe, part} = Phoenix.HTML.html_escape(chunk) diff --git a/lib/pleroma/web/common_api/common_api.ex b/lib/pleroma/web/common_api/common_api.ex index 125c57d05..2ab50c968 100644 --- a/lib/pleroma/web/common_api/common_api.ex +++ b/lib/pleroma/web/common_api/common_api.ex @@ -85,7 +85,14 @@ defmodule Pleroma.Web.CommonAPI do {to, cc} <- to_for_user_and_mentions(user, mentions, inReplyTo, visibility), tags <- Formatter.parse_tags(status, data), content_html <- - make_content_html(status, mentions, attachments, tags, data["no_attachment_links"]), + make_content_html( + status, + mentions, + attachments, + tags, + data["content_type"] || "text/plain", + data["no_attachment_links"] + ), context <- make_context(inReplyTo), cw <- data["spoiler_text"], object <- diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex index 358ca22ac..667027c02 100644 --- a/lib/pleroma/web/common_api/utils.ex +++ b/lib/pleroma/web/common_api/utils.ex @@ -63,9 +63,16 @@ defmodule Pleroma.Web.CommonAPI.Utils do end end - def make_content_html(status, mentions, attachments, tags, no_attachment_links \\ false) do + def make_content_html( + status, + mentions, + attachments, + tags, + content_type, + no_attachment_links \\ false + ) do status - |> format_input(mentions, tags) + |> format_input(mentions, tags, content_type) |> maybe_add_attachments(attachments, no_attachment_links) end @@ -92,9 +99,9 @@ defmodule Pleroma.Web.CommonAPI.Utils do Enum.join([text | attachment_text], "
") end - def format_input(text, mentions, tags) do + def format_input(text, mentions, tags, "text/plain") do text - |> Formatter.html_escape() + |> Formatter.html_escape("text/plain") |> String.replace(~r/\r?\n/, "
") |> (&{[], &1}).() |> Formatter.add_links() @@ -103,6 +110,25 @@ defmodule Pleroma.Web.CommonAPI.Utils do |> Formatter.finalize() end + def format_input(text, mentions, tags, "text/html") do + text + |> Formatter.html_escape("text/html") + |> String.replace(~r/\r?\n/, "
") + |> (&{[], &1}).() + |> Formatter.add_user_links(mentions) + |> Formatter.finalize() + end + + def format_input(text, mentions, tags, "text/markdown") do + text + |> Earmark.as_html!() + |> Formatter.html_escape("text/html") + |> String.replace(~r/\r?\n/, "") + |> (&{[], &1}).() + |> Formatter.add_user_links(mentions) + |> Formatter.finalize() + end + def add_tag_links(text, tags) do tags = tags diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index b3a56b27e..244d31dda 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -423,7 +423,7 @@ defmodule Pleroma.Web.TwitterAPI.Controller do {String.trim(name, ":"), url} end) - bio_html = CommonUtils.format_input(bio, mentions, tags) + bio_html = CommonUtils.format_input(bio, mentions, tags, "text/plain") Map.put(params, "bio", bio_html |> Formatter.emojify(emoji)) else params -- cgit v1.2.3 From 856b5e1ca4d84e097cb78dbf34cf9861faa25e5e Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Fri, 31 Aug 2018 04:01:21 +0000 Subject: config: chase pleroma-fe updates from MR pleroma-fe!324. --- lib/pleroma/web/twitter_api/controllers/util_controller.ex | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/twitter_api/controllers/util_controller.ex b/lib/pleroma/web/twitter_api/controllers/util_controller.ex index d1ecebf61..68e9a47b7 100644 --- a/lib/pleroma/web/twitter_api/controllers/util_controller.ex +++ b/lib/pleroma/web/twitter_api/controllers/util_controller.ex @@ -168,6 +168,8 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do theme: Keyword.get(@instance_fe, :theme), background: Keyword.get(@instance_fe, :background), logo: Keyword.get(@instance_fe, :logo), + logoMask: Keyword.get(@instance_fe, :logo_mask), + logoMargin: Keyword.get(@instance_fe, :logo_margin), redirectRootNoLogin: Keyword.get(@instance_fe, :redirect_root_no_login), redirectRootLogin: Keyword.get(@instance_fe, :redirect_root_login), chatDisabled: !Keyword.get(@instance_chat, :enabled), -- cgit v1.2.3 From 58539e13573681238fdd4d4e7334666389084be3 Mon Sep 17 00:00:00 2001 From: lambda Date: Fri, 31 Aug 2018 09:51:20 +0000 Subject: Revert "Merge branch 'feature/rich-text' into 'develop'" This reverts merge request !309 --- lib/pleroma/formatter.ex | 6 +--- lib/pleroma/web/common_api/common_api.ex | 9 +----- lib/pleroma/web/common_api/utils.ex | 34 +++------------------- .../web/twitter_api/twitter_api_controller.ex | 2 +- 4 files changed, 7 insertions(+), 44 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/formatter.ex b/lib/pleroma/formatter.ex index 93cd12fa6..cf2944c38 100644 --- a/lib/pleroma/formatter.ex +++ b/lib/pleroma/formatter.ex @@ -188,11 +188,7 @@ defmodule Pleroma.Formatter do ] # TODO: make it use something other than @link_regex - def html_escape(text, "text/html") do - HtmlSanitizeEx.basic_html(text) - end - - def html_escape(text, "text/plain") do + def html_escape(text) do Regex.split(@link_regex, text, include_captures: true) |> Enum.map_every(2, fn chunk -> {:safe, part} = Phoenix.HTML.html_escape(chunk) diff --git a/lib/pleroma/web/common_api/common_api.ex b/lib/pleroma/web/common_api/common_api.ex index 2ab50c968..125c57d05 100644 --- a/lib/pleroma/web/common_api/common_api.ex +++ b/lib/pleroma/web/common_api/common_api.ex @@ -85,14 +85,7 @@ defmodule Pleroma.Web.CommonAPI do {to, cc} <- to_for_user_and_mentions(user, mentions, inReplyTo, visibility), tags <- Formatter.parse_tags(status, data), content_html <- - make_content_html( - status, - mentions, - attachments, - tags, - data["content_type"] || "text/plain", - data["no_attachment_links"] - ), + make_content_html(status, mentions, attachments, tags, data["no_attachment_links"]), context <- make_context(inReplyTo), cw <- data["spoiler_text"], object <- diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex index 667027c02..358ca22ac 100644 --- a/lib/pleroma/web/common_api/utils.ex +++ b/lib/pleroma/web/common_api/utils.ex @@ -63,16 +63,9 @@ defmodule Pleroma.Web.CommonAPI.Utils do end end - def make_content_html( - status, - mentions, - attachments, - tags, - content_type, - no_attachment_links \\ false - ) do + def make_content_html(status, mentions, attachments, tags, no_attachment_links \\ false) do status - |> format_input(mentions, tags, content_type) + |> format_input(mentions, tags) |> maybe_add_attachments(attachments, no_attachment_links) end @@ -99,9 +92,9 @@ defmodule Pleroma.Web.CommonAPI.Utils do Enum.join([text | attachment_text], "
") end - def format_input(text, mentions, tags, "text/plain") do + def format_input(text, mentions, tags) do text - |> Formatter.html_escape("text/plain") + |> Formatter.html_escape() |> String.replace(~r/\r?\n/, "
") |> (&{[], &1}).() |> Formatter.add_links() @@ -110,25 +103,6 @@ defmodule Pleroma.Web.CommonAPI.Utils do |> Formatter.finalize() end - def format_input(text, mentions, tags, "text/html") do - text - |> Formatter.html_escape("text/html") - |> String.replace(~r/\r?\n/, "
") - |> (&{[], &1}).() - |> Formatter.add_user_links(mentions) - |> Formatter.finalize() - end - - def format_input(text, mentions, tags, "text/markdown") do - text - |> Earmark.as_html!() - |> Formatter.html_escape("text/html") - |> String.replace(~r/\r?\n/, "") - |> (&{[], &1}).() - |> Formatter.add_user_links(mentions) - |> Formatter.finalize() - end - def add_tag_links(text, tags) do tags = tags diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index 244d31dda..b3a56b27e 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -423,7 +423,7 @@ defmodule Pleroma.Web.TwitterAPI.Controller do {String.trim(name, ":"), url} end) - bio_html = CommonUtils.format_input(bio, mentions, tags, "text/plain") + bio_html = CommonUtils.format_input(bio, mentions, tags) Map.put(params, "bio", bio_html |> Formatter.emojify(emoji)) else params -- cgit v1.2.3 From a9c0f395cb4d854e552a3205cb5b38ff610f8e27 Mon Sep 17 00:00:00 2001 From: Thurloat Date: Fri, 31 Aug 2018 14:28:39 -0300 Subject: add nil clause for Formatter.get_emoji/1 to return an empty result --- lib/pleroma/formatter.ex | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/formatter.ex b/lib/pleroma/formatter.ex index cf2944c38..fc2c643da 100644 --- a/lib/pleroma/formatter.ex +++ b/lib/pleroma/formatter.ex @@ -157,6 +157,8 @@ defmodule Pleroma.Formatter do end) end + def get_emoji(nil), do: [] + def get_emoji(text) do Enum.filter(@emoji, fn {emoji, _} -> String.contains?(text, ":#{emoji}:") end) end -- cgit v1.2.3 From 8885d16e1b655c27c779e1bae72cab35602e585e Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Sat, 1 Sep 2018 03:08:54 +0200 Subject: [Pleroma.Web.MastodonAPI.MastodonAPIController].search(2)?: Remove code duplication --- .../web/mastodon_api/mastodon_api_controller.ex | 38 +++++----------------- 1 file changed, 9 insertions(+), 29 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index bd6f04c55..e0267f1dc 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -654,9 +654,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do json(conn, %{}) end - def search2(%{assigns: %{user: user}} = conn, %{"q" => query} = params) do - accounts = User.search(query, params["resolve"] == "true") - + def status_search(query) do fetched = if Regex.match?(~r/https?:/, query) do with {:ok, object} <- ActivityPub.fetch_object_from_id(query) do @@ -681,7 +679,13 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do order_by: [desc: :id] ) - statuses = Repo.all(q) ++ fetched + Repo.all(q) ++ fetched + end + + def search2(%{assigns: %{user: user}} = conn, %{"q" => query} = params) do + accounts = User.search(query, params["resolve"] == "true") + + statuses = status_search(query) tags_path = Web.base_url() <> "/tag/" @@ -705,31 +709,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do def search(%{assigns: %{user: user}} = conn, %{"q" => query} = params) do accounts = User.search(query, params["resolve"] == "true") - fetched = - if Regex.match?(~r/https?:/, query) do - with {:ok, object} <- ActivityPub.fetch_object_from_id(query) do - [Activity.get_create_activity_by_object_ap_id(object.data["id"])] - else - _e -> [] - end - end || [] - - q = - from( - a in Activity, - where: fragment("?->>'type' = 'Create'", a.data), - where: "https://www.w3.org/ns/activitystreams#Public" in a.recipients, - where: - fragment( - "to_tsvector('english', ?->'object'->>'content') @@ plainto_tsquery('english', ?)", - a.data, - ^query - ), - limit: 20, - order_by: [desc: :id] - ) - - statuses = Repo.all(q) ++ fetched + statuses = status_search(query) tags = String.split(query) -- cgit v1.2.3 From 0c2a0e3551f26bff8fa6161356ddcefb791baccf Mon Sep 17 00:00:00 2001 From: Will Pearson Date: Fri, 31 Aug 2018 20:59:43 -0700 Subject: Specify default scope in verify_credentials Certain Mastodon/Pleroma front ends call verify_credentials to get the default scope of a new toot. Currently, Pleroma hardcodes this value to "public". This patch changes it to the user's default_scope value. --- lib/pleroma/user.ex | 3 ++- lib/pleroma/web/mastodon_api/views/account_view.ex | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index fca490cb1..64c69b209 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -68,7 +68,8 @@ defmodule Pleroma.User do following_count: length(user.following) - oneself, note_count: user.info["note_count"] || 0, follower_count: user.info["follower_count"] || 0, - locked: user.info["locked"] || false + locked: user.info["locked"] || false, + default_scope: user.info["default_scope"] || "public" } end diff --git a/lib/pleroma/web/mastodon_api/views/account_view.ex b/lib/pleroma/web/mastodon_api/views/account_view.ex index 133cae3b5..7bc32e688 100644 --- a/lib/pleroma/web/mastodon_api/views/account_view.ex +++ b/lib/pleroma/web/mastodon_api/views/account_view.ex @@ -46,7 +46,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do fields: [], source: %{ note: "", - privacy: "public", + privacy: user_info.default_scope, sensitive: "false" } } -- cgit v1.2.3 From c921d998988a0a1b38f10027e66bd06fbcd568e6 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sat, 1 Sep 2018 21:03:35 +0000 Subject: config: add ability to disable Pleroma FE config management (closes #276) --- .../web/twitter_api/controllers/util_controller.ex | 57 +++++++++++++--------- 1 file changed, 33 insertions(+), 24 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/twitter_api/controllers/util_controller.ex b/lib/pleroma/web/twitter_api/controllers/util_controller.ex index 68e9a47b7..5b24809f9 100644 --- a/lib/pleroma/web/twitter_api/controllers/util_controller.ex +++ b/lib/pleroma/web/twitter_api/controllers/util_controller.ex @@ -156,30 +156,39 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do |> send_resp(200, response) _ -> - json(conn, %{ - site: %{ - name: Keyword.get(@instance, :name), - description: Keyword.get(@instance, :description), - server: Web.base_url(), - textlimit: to_string(Keyword.get(@instance, :limit)), - closed: if(Keyword.get(@instance, :registrations_open), do: "0", else: "1"), - private: if(Keyword.get(@instance, :public, true), do: "0", else: "1"), - pleromafe: %{ - theme: Keyword.get(@instance_fe, :theme), - background: Keyword.get(@instance_fe, :background), - logo: Keyword.get(@instance_fe, :logo), - logoMask: Keyword.get(@instance_fe, :logo_mask), - logoMargin: Keyword.get(@instance_fe, :logo_margin), - redirectRootNoLogin: Keyword.get(@instance_fe, :redirect_root_no_login), - redirectRootLogin: Keyword.get(@instance_fe, :redirect_root_login), - chatDisabled: !Keyword.get(@instance_chat, :enabled), - showInstanceSpecificPanel: Keyword.get(@instance_fe, :show_instance_panel), - scopeOptionsEnabled: Keyword.get(@instance_fe, :scope_options_enabled), - collapseMessageWithSubject: - Keyword.get(@instance_fe, :collapse_message_with_subject) - } - } - }) + data = %{ + name: Keyword.get(@instance, :name), + description: Keyword.get(@instance, :description), + server: Web.base_url(), + textlimit: to_string(Keyword.get(@instance, :limit)), + closed: if(Keyword.get(@instance, :registrations_open), do: "0", else: "1"), + private: if(Keyword.get(@instance, :public, true), do: "0", else: "1") + } + + pleroma_fe = %{ + theme: Keyword.get(@instance_fe, :theme), + background: Keyword.get(@instance_fe, :background), + logo: Keyword.get(@instance_fe, :logo), + logoMask: Keyword.get(@instance_fe, :logo_mask), + logoMargin: Keyword.get(@instance_fe, :logo_margin), + redirectRootNoLogin: Keyword.get(@instance_fe, :redirect_root_no_login), + redirectRootLogin: Keyword.get(@instance_fe, :redirect_root_login), + chatDisabled: !Keyword.get(@instance_chat, :enabled), + showInstanceSpecificPanel: Keyword.get(@instance_fe, :show_instance_panel), + scopeOptionsEnabled: Keyword.get(@instance_fe, :scope_options_enabled), + collapseMessageWithSubject: + Keyword.get(@instance_fe, :collapse_message_with_subject) + } + + managed_config = Keyword.get(@instance, :managed_config) + data = + if managed_config do + data |> Map.put("pleromafe", pleroma_fe) + else + data + end + + json(conn, %{site: data}) end end -- cgit v1.2.3 From b60d2327199965a165c8456a487f929f9ef56651 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20K=C3=BChl?= Date: Wed, 29 Aug 2018 00:51:25 +0200 Subject: AccountView: `sensitive` is supposed to be a boolean, not a string --- lib/pleroma/web/mastodon_api/views/account_view.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/views/account_view.ex b/lib/pleroma/web/mastodon_api/views/account_view.ex index 7bc32e688..fb42e82c8 100644 --- a/lib/pleroma/web/mastodon_api/views/account_view.ex +++ b/lib/pleroma/web/mastodon_api/views/account_view.ex @@ -47,7 +47,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do source: %{ note: "", privacy: user_info.default_scope, - sensitive: "false" + sensitive: false } } end -- cgit v1.2.3 From ad2a7972e75e8738147aa5e67b6db04b45800b3c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20K=C3=BChl?= Date: Wed, 29 Aug 2018 01:07:17 +0200 Subject: OAuth: Set `created_at` in token exchange response (for compatibility with Mastodon) --- lib/pleroma/web/oauth/oauth_controller.ex | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/oauth/oauth_controller.ex b/lib/pleroma/web/oauth/oauth_controller.ex index a5fb32a4e..934171585 100644 --- a/lib/pleroma/web/oauth/oauth_controller.ex +++ b/lib/pleroma/web/oauth/oauth_controller.ex @@ -60,11 +60,13 @@ defmodule Pleroma.Web.OAuth.OAuthController do fixed_token = fix_padding(params["code"]), %Authorization{} = auth <- Repo.get_by(Authorization, token: fixed_token, app_id: app.id), - {:ok, token} <- Token.exchange_token(app, auth) do + {:ok, token} <- Token.exchange_token(app, auth), + {:ok, inserted_at} <- DateTime.from_naive(token.inserted_at, "Etc/UTC") do response = %{ token_type: "Bearer", access_token: token.token, refresh_token: token.refresh_token, + created_at: DateTime.to_unix(inserted_at), expires_in: 60 * 10, scope: "read write follow" } -- cgit v1.2.3 From 84d84e4ca49c02180828d65d95b841953ed04ef0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20K=C3=BChl?= Date: Wed, 29 Aug 2018 01:25:40 +0200 Subject: OAuth: Support /revoke endpoint for revoking tokens (for compatibility with Mastodon) --- lib/pleroma/web/oauth/oauth_controller.ex | 12 ++++++++++++ lib/pleroma/web/router.ex | 1 + 2 files changed, 13 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/oauth/oauth_controller.ex b/lib/pleroma/web/oauth/oauth_controller.ex index 934171585..160cedd8e 100644 --- a/lib/pleroma/web/oauth/oauth_controller.ex +++ b/lib/pleroma/web/oauth/oauth_controller.ex @@ -118,6 +118,18 @@ defmodule Pleroma.Web.OAuth.OAuthController do token_exchange(conn, params) end + def token_revoke(conn, %{"token" => token} = params) do + with %App{} = app <- get_app_from_request(conn, params), + %Token{} = token <- Repo.get_by(Token, token: token, app_id: app.id), + {:ok, %Token{}} <- Repo.delete(token) do + json(conn, %{}) + else + _error -> + # RFC 7009: invalid tokens [in the request] do not cause an error response + json(conn, %{}) + end + end + defp fix_padding(token) do token |> Base.url_decode64!(padding: false) diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 927323794..5f746df31 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -93,6 +93,7 @@ defmodule Pleroma.Web.Router do get("/authorize", OAuthController, :authorize) post("/authorize", OAuthController, :create_authorization) post("/token", OAuthController, :token_exchange) + post("/revoke", OAuthController, :token_revoke) end scope "/api/v1", Pleroma.Web.MastodonAPI do -- cgit v1.2.3 From e2ce0e9e05ad09797f18b1a6adff4616704a48cc Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sat, 1 Sep 2018 21:12:42 +0000 Subject: run `mix format`. --- lib/pleroma/web/twitter_api/controllers/util_controller.ex | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/twitter_api/controllers/util_controller.ex b/lib/pleroma/web/twitter_api/controllers/util_controller.ex index 5b24809f9..886b70f5f 100644 --- a/lib/pleroma/web/twitter_api/controllers/util_controller.ex +++ b/lib/pleroma/web/twitter_api/controllers/util_controller.ex @@ -176,11 +176,11 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do chatDisabled: !Keyword.get(@instance_chat, :enabled), showInstanceSpecificPanel: Keyword.get(@instance_fe, :show_instance_panel), scopeOptionsEnabled: Keyword.get(@instance_fe, :scope_options_enabled), - collapseMessageWithSubject: - Keyword.get(@instance_fe, :collapse_message_with_subject) + collapseMessageWithSubject: Keyword.get(@instance_fe, :collapse_message_with_subject) } managed_config = Keyword.get(@instance, :managed_config) + data = if managed_config do data |> Map.put("pleromafe", pleroma_fe) -- cgit v1.2.3 From 0b2c051a04b3eeb7292f2b847c98fcbafbb20ed2 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sat, 1 Sep 2018 23:20:02 +0000 Subject: activitypub: fix possibility of spoofing by containing remote objects to the same domain as their actor --- lib/pleroma/web/activity_pub/activity_pub.ex | 1 + lib/pleroma/web/activity_pub/transmogrifier.ex | 14 ++++++++++++++ 2 files changed, 15 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index e6c2dc9cf..81c11dd76 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -747,6 +747,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do "actor" => data["attributedTo"], "object" => data }, + :ok <- Transmogrifier.contain_origin(id, params), {:ok, activity} <- Transmogrifier.handle_incoming(params) do {:ok, Object.normalize(activity.data["object"])} else diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index 1367bc7e3..b75422fc6 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -30,6 +30,20 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do actor["id"] end + @doc """ + Checks that an imported AP object's actor matches the domain it came from. + """ + def contain_origin(id, %{"actor" => actor}) do + id_uri = URI.parse(id) + actor_uri = URI.parse(actor) + + if id_uri.host == actor_uri.host do + :ok + else + :error + end + end + @doc """ Modifies an incoming AP object (mastodon format) to our internal format. """ -- cgit v1.2.3 From 03e92977cb95ccc81b92c927049a3e4421917cd2 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sat, 1 Sep 2018 23:44:19 +0000 Subject: transmogrifier: fix peertube/plume actor handling --- lib/pleroma/web/activity_pub/transmogrifier.ex | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index b75422fc6..4a3a82195 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -33,9 +33,9 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do @doc """ Checks that an imported AP object's actor matches the domain it came from. """ - def contain_origin(id, %{"actor" => actor}) do + def contain_origin(id, %{"actor" => actor} = params) do id_uri = URI.parse(id) - actor_uri = URI.parse(actor) + actor_uri = URI.parse(get_actor(params)) if id_uri.host == actor_uri.host do :ok -- cgit v1.2.3 From 834515fb511ecb8021b81f355cb2d629887edeef Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 2 Sep 2018 00:04:09 +0000 Subject: formatter: don't add XSS emoji --- lib/pleroma/formatter.ex | 1 + 1 file changed, 1 insertion(+) (limited to 'lib') diff --git a/lib/pleroma/formatter.ex b/lib/pleroma/formatter.ex index cf2944c38..9be54e863 100644 --- a/lib/pleroma/formatter.ex +++ b/lib/pleroma/formatter.ex @@ -154,6 +154,7 @@ defmodule Pleroma.Formatter do MediaProxy.url(file) }' />" ) + |> HtmlSanitizeEx.basic_html() end) end -- cgit v1.2.3 From 754deb26dd7ad9bf431d6d3edc3004b4f27ca8b0 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Sat, 1 Sep 2018 17:14:14 +0200 Subject: [Pleroma.Uploaders.Local]: Add configuration for custom url path One use-case being an external caching proxy --- lib/pleroma/uploaders/local.ex | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/uploaders/local.ex b/lib/pleroma/uploaders/local.ex index d4624661f..d96481c8d 100644 --- a/lib/pleroma/uploaders/local.ex +++ b/lib/pleroma/uploaders/local.ex @@ -42,6 +42,10 @@ defmodule Pleroma.Uploaders.Local do end defp url_for(file) do - "#{Web.base_url()}/media/#{file}" + settings = Application.get_env(:pleroma, Pleroma.Uploaders.Local) + + Keyword.get(settings, :uploads_url) + |> String.replace("{{file}}", file) + |> String.replace("{{base_url}}", Web.base_url()) end end -- cgit v1.2.3 From 4257f784bc8e742888e978fccbab0f566c549376 Mon Sep 17 00:00:00 2001 From: Thurloat Date: Sun, 2 Sep 2018 20:44:37 -0300 Subject: sloop around get_emoji/1 to check is_binary and have a fallthrough default that returns empty --- lib/pleroma/formatter.ex | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/formatter.ex b/lib/pleroma/formatter.ex index fc2c643da..e5ccc7a49 100644 --- a/lib/pleroma/formatter.ex +++ b/lib/pleroma/formatter.ex @@ -157,12 +157,12 @@ defmodule Pleroma.Formatter do end) end - def get_emoji(nil), do: [] - - def get_emoji(text) do + def get_emoji(text) when is_binary(text) do Enum.filter(@emoji, fn {emoji, _} -> String.contains?(text, ":#{emoji}:") end) end + def get_emoji(_), do: [] + def get_custom_emoji() do @emoji end -- cgit v1.2.3 From 2b2bd0e047c96085dda003f0ae11ddc05bbc8c12 Mon Sep 17 00:00:00 2001 From: shadowfacts Date: Mon, 3 Sep 2018 01:40:05 +0000 Subject: Render notification IDs as strings, not numbers --- lib/pleroma/web/mastodon_api/mastodon_api_controller.ex | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index e0267f1dc..b3c234010 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -1033,7 +1033,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do case activity.data["type"] do "Create" -> %{ - id: id, + id: id |> to_string, type: "mention", created_at: created_at, account: AccountView.render("account.json", %{user: actor}), @@ -1044,7 +1044,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do liked_activity = Activity.get_create_activity_by_object_ap_id(activity.data["object"]) %{ - id: id, + id: id |> to_string, type: "favourite", created_at: created_at, account: AccountView.render("account.json", %{user: actor}), @@ -1055,7 +1055,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do announced_activity = Activity.get_create_activity_by_object_ap_id(activity.data["object"]) %{ - id: id, + id: id |> to_string, type: "reblog", created_at: created_at, account: AccountView.render("account.json", %{user: actor}), @@ -1064,7 +1064,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do "Follow" -> %{ - id: id, + id: id |> to_string, type: "follow", created_at: created_at, account: AccountView.render("account.json", %{user: actor}) -- cgit v1.2.3 From 26f8697400cf9c9fd4d33748bf3aadedbb55d981 Mon Sep 17 00:00:00 2001 From: shadowfacts Date: Mon, 3 Sep 2018 01:52:02 +0000 Subject: Update mastodon_api_controller.ex --- lib/pleroma/web/mastodon_api/mastodon_api_controller.ex | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index b3c234010..576e9d3ce 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -1029,11 +1029,13 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do created_at = NaiveDateTime.to_iso8601(created_at) |> String.replace(~r/(\.\d+)?$/, ".000Z", global: false) + + id = id |> to_string case activity.data["type"] do "Create" -> %{ - id: id |> to_string, + id: id, type: "mention", created_at: created_at, account: AccountView.render("account.json", %{user: actor}), @@ -1044,7 +1046,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do liked_activity = Activity.get_create_activity_by_object_ap_id(activity.data["object"]) %{ - id: id |> to_string, + id: id, type: "favourite", created_at: created_at, account: AccountView.render("account.json", %{user: actor}), @@ -1055,7 +1057,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do announced_activity = Activity.get_create_activity_by_object_ap_id(activity.data["object"]) %{ - id: id |> to_string, + id: id, type: "reblog", created_at: created_at, account: AccountView.render("account.json", %{user: actor}), @@ -1064,7 +1066,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do "Follow" -> %{ - id: id |> to_string, + id: id, type: "follow", created_at: created_at, account: AccountView.render("account.json", %{user: actor}) -- cgit v1.2.3 From 35515cfa66f39d618be5702137d296b7bc25b65e Mon Sep 17 00:00:00 2001 From: shadowfacts Date: Mon, 3 Sep 2018 01:58:55 +0000 Subject: Update mastodon_api_controller.ex --- lib/pleroma/web/mastodon_api/mastodon_api_controller.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index 576e9d3ce..8279db93e 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -1029,7 +1029,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do created_at = NaiveDateTime.to_iso8601(created_at) |> String.replace(~r/(\.\d+)?$/, ".000Z", global: false) - + id = id |> to_string case activity.data["type"] do -- cgit v1.2.3 From b61430163ba983f1d8a1d762f4eec743ed7ffab1 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 3 Sep 2018 12:03:23 +0000 Subject: user: add moderator_user_query() --- lib/pleroma/user.ex | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 64c69b209..1dad30e87 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -609,6 +609,14 @@ defmodule Pleroma.User do ) end + def moderator_user_query() do + from( + u in User, + where: u.local == true, + where: fragment("?->'is_moderator' @> 'true'", u.info) + ) + end + def deactivate(%User{} = user) do new_info = Map.put(user.info, "deactivated", true) cs = User.info_changeset(user, %{info: new_info}) -- cgit v1.2.3 From b1124f1605717ec841d3693745536e49bdadd8c5 Mon Sep 17 00:00:00 2001 From: Hakaba Hitoyo Date: Mon, 3 Sep 2018 21:13:30 +0900 Subject: report chat and gopher support at /nodeinfo/2.0.json --- lib/pleroma/web/nodeinfo/nodeinfo_controller.ex | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex index 2fab60274..9155e42cd 100644 --- a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex +++ b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex @@ -22,6 +22,8 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do instance = Application.get_env(:pleroma, :instance) media_proxy = Application.get_env(:pleroma, :media_proxy) suggestions = Application.get_env(:pleroma, :suggestions) + chat = Application.get_env(:pleroma, :chat) + gopher = Application.get_env(:pleroma, :gopher) stats = Stats.get_stats() response = %{ @@ -52,7 +54,9 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do thirdPartyEngine: Keyword.get(suggestions, :third_party_engine, ""), timeout: Keyword.get(suggestions, :timeout, 5000), web: Keyword.get(suggestions, :web, "") - } + }, + chat: Keyword.get(chat, :enabled), + gopher: Keyword.get(gopher, :enabled) } } -- cgit v1.2.3 From 9a21ff5f619b61dd1942b9d3044bdbe1f61666af Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 3 Sep 2018 14:35:51 +0000 Subject: nodeinfo: add staffAccounts field to metadata --- lib/pleroma/web/nodeinfo/nodeinfo_controller.ex | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex index 2fab60274..d95addb0b 100644 --- a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex +++ b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex @@ -3,6 +3,7 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do alias Pleroma.Stats alias Pleroma.Web + alias Pleroma.{User, Repo} def schemas(conn, _params) do response = %{ @@ -24,6 +25,11 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do suggestions = Application.get_env(:pleroma, :suggestions) stats = Stats.get_stats() + staff_accounts = + User.moderator_user_query() + |> Repo.all() + |> Enum.map(fn u -> u.ap_id end) + response = %{ version: "2.0", software: %{ @@ -52,7 +58,8 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do thirdPartyEngine: Keyword.get(suggestions, :third_party_engine, ""), timeout: Keyword.get(suggestions, :timeout, 5000), web: Keyword.get(suggestions, :web, "") - } + }, + staffAccounts: staff_accounts } } -- cgit v1.2.3 From 1a8bc26e52745909d6fc9ca7d04098d0dd247cfa Mon Sep 17 00:00:00 2001 From: Moon Man Date: Wed, 5 Sep 2018 00:21:44 -0400 Subject: auth against sha512-crypt password hashes, upgrade to pbkdf2 --- lib/pleroma/plugs/authentication_plug.ex | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/plugs/authentication_plug.ex b/lib/pleroma/plugs/authentication_plug.ex index 86a514541..616d31df4 100644 --- a/lib/pleroma/plugs/authentication_plug.ex +++ b/lib/pleroma/plugs/authentication_plug.ex @@ -14,7 +14,17 @@ defmodule Pleroma.Plugs.AuthenticationPlug do {:ok, user} <- opts[:fetcher].(username), false <- !!user.info["deactivated"], saved_user_id <- get_session(conn, :user_id), + legacy_password <- String.starts_with?(user.password_hash, "$6$"), + update_legacy_password <- + !(Map.has_key?(opts, :update_legacy_password) && opts[:update_legacy_password] == false), {:ok, verified_user} <- verify(user, password, saved_user_id) do + if legacy_password and update_legacy_password do + User.reset_password(verified_user, %{ + :password => password, + :password_confirmation => password + }) + end + conn |> assign(:user, verified_user) |> put_session(:user_id, verified_user.id) @@ -34,7 +44,18 @@ defmodule Pleroma.Plugs.AuthenticationPlug do end defp verify(user, password, _user_id) do - if Pbkdf2.checkpw(password, user.password_hash) do + is_legacy = String.starts_with?(user.password_hash, "$6$") + + valid = + cond do + is_legacy -> + :crypt.crypt(password, user.password_hash) == user.password_hash + + true -> + Pbkdf2.checkpw(password, user.password_hash) + end + + if valid do {:ok, user} else :error -- cgit v1.2.3 From 8b020e03a699beb24d054108cf027b3fbbab2267 Mon Sep 17 00:00:00 2001 From: Moon Man Date: Wed, 5 Sep 2018 01:37:48 -0400 Subject: change cond to if else --- lib/pleroma/plugs/authentication_plug.ex | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/plugs/authentication_plug.ex b/lib/pleroma/plugs/authentication_plug.ex index 616d31df4..ffecb403d 100644 --- a/lib/pleroma/plugs/authentication_plug.ex +++ b/lib/pleroma/plugs/authentication_plug.ex @@ -44,15 +44,11 @@ defmodule Pleroma.Plugs.AuthenticationPlug do end defp verify(user, password, _user_id) do - is_legacy = String.starts_with?(user.password_hash, "$6$") - valid = - cond do - is_legacy -> - :crypt.crypt(password, user.password_hash) == user.password_hash - - true -> - Pbkdf2.checkpw(password, user.password_hash) + if String.starts_with?(user.password_hash, "$6$") do + :crypt.crypt(password, user.password_hash) == user.password_hash + else + Pbkdf2.checkpw(password, user.password_hash) end if valid do -- cgit v1.2.3 From 42bd985e6654a4af55df622753c3f0664e5c6bae Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 5 Sep 2018 17:30:05 +0200 Subject: Add BasicAuthDecoderPlug --- lib/pleroma/plugs/basic_auth_decoder_plug.ex | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 lib/pleroma/plugs/basic_auth_decoder_plug.ex (limited to 'lib') diff --git a/lib/pleroma/plugs/basic_auth_decoder_plug.ex b/lib/pleroma/plugs/basic_auth_decoder_plug.ex new file mode 100644 index 000000000..fc8fcee98 --- /dev/null +++ b/lib/pleroma/plugs/basic_auth_decoder_plug.ex @@ -0,0 +1,21 @@ +defmodule Pleroma.Plugs.BasicAuthDecoderPlug do + import Plug.Conn + + def init(options) do + options + end + + def call(conn, opts) do + with ["Basic " <> header] <- get_req_header(conn, "authorization"), + {:ok, userinfo} <- Base.decode64(header), + [username, password] <- String.split(userinfo, ":", parts: 2) do + conn + |> assign(:auth_credentials, %{ + username: username, + password: password + }) + else + _ -> conn + end + end +end -- cgit v1.2.3 From faf53477488edfc6ba4268529f9945a494f30aee Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 5 Sep 2018 17:44:38 +0200 Subject: Add UserFetcherPlug. --- lib/pleroma/plugs/user_fetcher_plug.ex | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 lib/pleroma/plugs/user_fetcher_plug.ex (limited to 'lib') diff --git a/lib/pleroma/plugs/user_fetcher_plug.ex b/lib/pleroma/plugs/user_fetcher_plug.ex new file mode 100644 index 000000000..9cbaaf40a --- /dev/null +++ b/lib/pleroma/plugs/user_fetcher_plug.ex @@ -0,0 +1,34 @@ +defmodule Pleroma.Plugs.UserFetcherPlug do + import Plug.Conn + alias Pleroma.Repo + alias Pleroma.User + + def init(options) do + options + end + + def call(conn, options) do + with %{auth_credentials: %{username: username}} <- conn.assigns, + {:ok, %User{} = user} <- user_fetcher(username) do + conn + |> assign(:auth_user, user) + else + _ -> conn + end + end + + defp user_fetcher(username_or_email) do + { + :ok, + cond do + # First, try logging in as if it was a name + user = Repo.get_by(User, %{nickname: username_or_email}) -> + user + + # If we get nil, we try using it as an email + user = Repo.get_by(User, %{email: username_or_email}) -> + user + end + } + end +end -- cgit v1.2.3 From 3cf17dc402ceab7f823edc263ad09af7013d0646 Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 5 Sep 2018 17:59:19 +0200 Subject: Add EnsureAuthenticatedPlug --- lib/pleroma/plugs/ensure_authenticated_plug.ex | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 lib/pleroma/plugs/ensure_authenticated_plug.ex (limited to 'lib') diff --git a/lib/pleroma/plugs/ensure_authenticated_plug.ex b/lib/pleroma/plugs/ensure_authenticated_plug.ex new file mode 100644 index 000000000..bca44eb2c --- /dev/null +++ b/lib/pleroma/plugs/ensure_authenticated_plug.ex @@ -0,0 +1,19 @@ +defmodule Pleroma.Plugs.EnsureAuthenticatedPlug do + import Plug.Conn + alias Pleroma.User + + def init(options) do + options + end + + def call(%{assigns: %{user: %User{}}} = conn, _) do + conn + end + + def call(conn, _) do + conn + |> put_resp_content_type("application/json") + |> send_resp(403, Jason.encode!(%{error: "Invalid credentials."})) + |> halt + end +end -- cgit v1.2.3 From a3f54fca4d67fd7938ae00752c2cd409b6cf15ae Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 5 Sep 2018 18:17:33 +0200 Subject: Add LegacyAuthenticationPlug --- lib/pleroma/plugs/legacy_authentication_plug.ex | 31 +++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 lib/pleroma/plugs/legacy_authentication_plug.ex (limited to 'lib') diff --git a/lib/pleroma/plugs/legacy_authentication_plug.ex b/lib/pleroma/plugs/legacy_authentication_plug.ex new file mode 100644 index 000000000..48c0aba88 --- /dev/null +++ b/lib/pleroma/plugs/legacy_authentication_plug.ex @@ -0,0 +1,31 @@ +defmodule Pleroma.Plugs.LegacyAuthenticationPlug do + import Plug.Conn + alias Pleroma.User + + def init(options) do + options + end + + def call(%{assigns: %{user: %User{}}} = conn, _), do: conn + + def call( + %{ + assigns: %{ + auth_user: %{password_hash: "$6$" <> _ = password_hash} = auth_user, + auth_credentials: %{password: password} + } + } = conn, + _ + ) do + if :crypt.crypt(password, password_hash) == password_hash do + conn + |> assign(:user, auth_user) + else + conn + end + end + + def call(conn, _) do + conn + end +end -- cgit v1.2.3 From 9a96c93be71a1347a0b4f709c89589e6bac8d4de Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 5 Sep 2018 18:37:02 +0200 Subject: Add SessionAuthenticationPlug. --- lib/pleroma/plugs/session_authentication_plug.ex | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 lib/pleroma/plugs/session_authentication_plug.ex (limited to 'lib') diff --git a/lib/pleroma/plugs/session_authentication_plug.ex b/lib/pleroma/plugs/session_authentication_plug.ex new file mode 100644 index 000000000..904a27952 --- /dev/null +++ b/lib/pleroma/plugs/session_authentication_plug.ex @@ -0,0 +1,18 @@ +defmodule Pleroma.Plugs.SessionAuthenticationPlug do + import Plug.Conn + alias Pleroma.User + + def init(options) do + options + end + + def call(conn, _) do + with saved_user_id <- get_session(conn, :user_id), + %{auth_user: %{id: ^saved_user_id}} <- conn.assigns do + conn + |> assign(:user, conn.assigns.auth_user) + else + _ -> conn + end + end +end -- cgit v1.2.3 From 32465b9939718f7bc6604594e0404340c3e02cc9 Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 5 Sep 2018 18:53:38 +0200 Subject: Simplify AuthenticationPlug --- lib/pleroma/plugs/authentication_plug.ex | 79 ++++++++------------------------ 1 file changed, 20 insertions(+), 59 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/plugs/authentication_plug.ex b/lib/pleroma/plugs/authentication_plug.ex index ffecb403d..8706b32cd 100644 --- a/lib/pleroma/plugs/authentication_plug.ex +++ b/lib/pleroma/plugs/authentication_plug.ex @@ -9,71 +9,32 @@ defmodule Pleroma.Plugs.AuthenticationPlug do def call(%{assigns: %{user: %User{}}} = conn, _), do: conn - def call(conn, opts) do - with {:ok, username, password} <- decode_header(conn), - {:ok, user} <- opts[:fetcher].(username), - false <- !!user.info["deactivated"], - saved_user_id <- get_session(conn, :user_id), - legacy_password <- String.starts_with?(user.password_hash, "$6$"), - update_legacy_password <- - !(Map.has_key?(opts, :update_legacy_password) && opts[:update_legacy_password] == false), - {:ok, verified_user} <- verify(user, password, saved_user_id) do - if legacy_password and update_legacy_password do - User.reset_password(verified_user, %{ - :password => password, - :password_confirmation => password - }) - end - + def call( + %{ + assigns: %{ + auth_user: %{password_hash: password_hash} = auth_user, + auth_credentials: %{password: password} + } + } = conn, + _ + ) do + if Pbkdf2.checkpw(password, password_hash) do conn - |> assign(:user, verified_user) - |> put_session(:user_id, verified_user.id) + |> assign(:user, auth_user) else - _ -> conn |> halt_or_continue(opts) + conn end end - # Short-circuit if we have a cookie with the id for the given user. - defp verify(%{id: id} = user, _password, id) do - {:ok, user} - end - - defp verify(nil, _password, _user_id) do + def call( + %{ + assigns: %{ + auth_credentials: %{password: password} + } + } = conn, + _ + ) do Pbkdf2.dummy_checkpw() - :error - end - - defp verify(user, password, _user_id) do - valid = - if String.starts_with?(user.password_hash, "$6$") do - :crypt.crypt(password, user.password_hash) == user.password_hash - else - Pbkdf2.checkpw(password, user.password_hash) - end - - if valid do - {:ok, user} - else - :error - end - end - - defp decode_header(conn) do - with ["Basic " <> header] <- get_req_header(conn, "authorization"), - {:ok, userinfo} <- Base.decode64(header), - [username, password] <- String.split(userinfo, ":", parts: 2) do - {:ok, username, password} - end - end - - defp halt_or_continue(conn, %{optional: true}) do - conn |> assign(:user, nil) - end - - defp halt_or_continue(conn, _) do conn - |> put_resp_content_type("application/json") - |> send_resp(403, Jason.encode!(%{error: "Invalid credentials."})) - |> halt end end -- cgit v1.2.3 From 12bc73dd2833a22cce6a22841d33c992b1eb31fc Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 5 Sep 2018 19:06:28 +0200 Subject: Add EnsureUserKeyPlug, smaller fixes --- lib/pleroma/plugs/authentication_plug.ex | 2 ++ lib/pleroma/plugs/ensure_user_key_plug.ex | 14 ++++++++++++++ 2 files changed, 16 insertions(+) create mode 100644 lib/pleroma/plugs/ensure_user_key_plug.ex (limited to 'lib') diff --git a/lib/pleroma/plugs/authentication_plug.ex b/lib/pleroma/plugs/authentication_plug.ex index 8706b32cd..3ac301b97 100644 --- a/lib/pleroma/plugs/authentication_plug.ex +++ b/lib/pleroma/plugs/authentication_plug.ex @@ -37,4 +37,6 @@ defmodule Pleroma.Plugs.AuthenticationPlug do Pbkdf2.dummy_checkpw() conn end + + def call(conn, _), do: conn end diff --git a/lib/pleroma/plugs/ensure_user_key_plug.ex b/lib/pleroma/plugs/ensure_user_key_plug.ex new file mode 100644 index 000000000..05a567757 --- /dev/null +++ b/lib/pleroma/plugs/ensure_user_key_plug.ex @@ -0,0 +1,14 @@ +defmodule Pleroma.Plugs.EnsureUserKeyPlug do + import Plug.Conn + + def init(opts) do + opts + end + + def call(%{assigns: %{user: _}} = conn, _), do: conn + + def call(conn, _) do + conn + |> assign(:user, nil) + end +end -- cgit v1.2.3 From 636ad3e155d843ab7934438a05313abf1afb2a48 Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 5 Sep 2018 19:13:53 +0200 Subject: Add new plugs to router. --- lib/pleroma/web/router.ex | 39 ++++++++++++++++++++------------------- 1 file changed, 20 insertions(+), 19 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index b212a2909..7cd3c9908 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -9,47 +9,48 @@ defmodule Pleroma.Web.Router do @public Keyword.get(@instance, :public) @registrations_open Keyword.get(@instance, :registrations_open) - def user_fetcher(username_or_email) do - { - :ok, - cond do - # First, try logging in as if it was a name - user = Repo.get_by(User, %{nickname: username_or_email}) -> - user - - # If we get nil, we try using it as an email - user = Repo.get_by(User, %{email: username_or_email}) -> - user - end - } - end - pipeline :api do plug(:accepts, ["json"]) plug(:fetch_session) plug(Pleroma.Plugs.OAuthPlug) - plug(Pleroma.Plugs.AuthenticationPlug, %{fetcher: &Router.user_fetcher/1, optional: true}) + plug(Pleroma.Plugs.BasicAuthDecoderPlug) + plug(Pleroma.Plugs.UserFetcherPlug) + plug(Pleroma.Plugs.SessionAuthenticationPlug) + plug(Pleroma.Plugs.AuthenticationPlug) + plug(Pleroma.Plugs.EnsureUserKeyPlug) end pipeline :authenticated_api do plug(:accepts, ["json"]) plug(:fetch_session) plug(Pleroma.Plugs.OAuthPlug) - plug(Pleroma.Plugs.AuthenticationPlug, %{fetcher: &Router.user_fetcher/1}) + plug(Pleroma.Plugs.BasicAuthDecoderPlug) + plug(Pleroma.Plugs.UserFetcherPlug) + plug(Pleroma.Plugs.SessionAuthenticationPlug) + plug(Pleroma.Plugs.AuthenticationPlug) + plug(Pleroma.Plugs.EnsureAuthenticatedPlug) end pipeline :mastodon_html do plug(:accepts, ["html"]) plug(:fetch_session) plug(Pleroma.Plugs.OAuthPlug) - plug(Pleroma.Plugs.AuthenticationPlug, %{fetcher: &Router.user_fetcher/1, optional: true}) + plug(Pleroma.Plugs.BasicAuthDecoderPlug) + plug(Pleroma.Plugs.UserFetcherPlug) + plug(Pleroma.Plugs.SessionAuthenticationPlug) + plug(Pleroma.Plugs.AuthenticationPlug) + plug(Pleroma.Plugs.EnsureUserKeyPlug) end pipeline :pleroma_html do plug(:accepts, ["html"]) plug(:fetch_session) plug(Pleroma.Plugs.OAuthPlug) - plug(Pleroma.Plugs.AuthenticationPlug, %{fetcher: &Router.user_fetcher/1, optional: true}) + plug(Pleroma.Plugs.BasicAuthDecoderPlug) + plug(Pleroma.Plugs.UserFetcherPlug) + plug(Pleroma.Plugs.SessionAuthenticationPlug) + plug(Pleroma.Plugs.AuthenticationPlug) + plug(Pleroma.Plugs.EnsureUserKeyPlug) end pipeline :well_known do -- cgit v1.2.3 From 5ce1ebb1794205a58bedee314a7c787ceb362f37 Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 5 Sep 2018 21:42:42 +0200 Subject: Add SetUserSessionIdPlug. --- lib/pleroma/plugs/set_user_session_id_plug.ex | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 lib/pleroma/plugs/set_user_session_id_plug.ex (limited to 'lib') diff --git a/lib/pleroma/plugs/set_user_session_id_plug.ex b/lib/pleroma/plugs/set_user_session_id_plug.ex new file mode 100644 index 000000000..adc0a42b5 --- /dev/null +++ b/lib/pleroma/plugs/set_user_session_id_plug.ex @@ -0,0 +1,15 @@ +defmodule Pleroma.Plugs.SetUserSessionIdPlug do + import Plug.Conn + alias Pleroma.User + + def init(opts) do + opts + end + + def call(%{assigns: %{user: %User{id: id}}} = conn, _) do + conn + |> put_session(:user_id, id) + end + + def call(conn, _), do: conn +end -- cgit v1.2.3 From e601165426154e1c04594ae1c191249d3cd36535 Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 5 Sep 2018 21:53:53 +0200 Subject: Add UserEnabledPlug. --- lib/pleroma/plugs/user_enabled_plug.ex | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 lib/pleroma/plugs/user_enabled_plug.ex (limited to 'lib') diff --git a/lib/pleroma/plugs/user_enabled_plug.ex b/lib/pleroma/plugs/user_enabled_plug.ex new file mode 100644 index 000000000..9c3285896 --- /dev/null +++ b/lib/pleroma/plugs/user_enabled_plug.ex @@ -0,0 +1,17 @@ +defmodule Pleroma.Plugs.UserEnabledPlug do + import Plug.Conn + alias Pleroma.User + + def init(options) do + options + end + + def call(%{assigns: %{user: %User{info: %{"deactivated" => true}}}} = conn, _) do + conn + |> assign(:user, nil) + end + + def call(conn, _) do + conn + end +end -- cgit v1.2.3 From 3aba585e7a2b4e1e7733ba6949951bd95469bdaa Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 5 Sep 2018 21:57:56 +0200 Subject: Add Plugs to router. --- lib/pleroma/web/router.ex | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 7cd3c9908..e8a02a192 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -17,6 +17,8 @@ defmodule Pleroma.Web.Router do plug(Pleroma.Plugs.UserFetcherPlug) plug(Pleroma.Plugs.SessionAuthenticationPlug) plug(Pleroma.Plugs.AuthenticationPlug) + plug(Pleroma.Plugs.UserEnabledPlug) + plug(Pleroma.Plugs.SetUserSessionIdPlug) plug(Pleroma.Plugs.EnsureUserKeyPlug) end @@ -28,6 +30,8 @@ defmodule Pleroma.Web.Router do plug(Pleroma.Plugs.UserFetcherPlug) plug(Pleroma.Plugs.SessionAuthenticationPlug) plug(Pleroma.Plugs.AuthenticationPlug) + plug(Pleroma.Plugs.UserEnabledPlug) + plug(Pleroma.Plugs.SetUserSessionIdPlug) plug(Pleroma.Plugs.EnsureAuthenticatedPlug) end @@ -39,6 +43,8 @@ defmodule Pleroma.Web.Router do plug(Pleroma.Plugs.UserFetcherPlug) plug(Pleroma.Plugs.SessionAuthenticationPlug) plug(Pleroma.Plugs.AuthenticationPlug) + plug(Pleroma.Plugs.UserEnabledPlug) + plug(Pleroma.Plugs.SetUserSessionIdPlug) plug(Pleroma.Plugs.EnsureUserKeyPlug) end -- cgit v1.2.3 From 44b094908c28b588438b4bf31c0a4751be47f48d Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 5 Sep 2018 22:30:14 +0200 Subject: Update legacy passwords automatically. --- lib/pleroma/plugs/legacy_authentication_plug.ex | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/plugs/legacy_authentication_plug.ex b/lib/pleroma/plugs/legacy_authentication_plug.ex index 48c0aba88..d22c1a647 100644 --- a/lib/pleroma/plugs/legacy_authentication_plug.ex +++ b/lib/pleroma/plugs/legacy_authentication_plug.ex @@ -17,11 +17,15 @@ defmodule Pleroma.Plugs.LegacyAuthenticationPlug do } = conn, _ ) do - if :crypt.crypt(password, password_hash) == password_hash do + with ^password_hash <- :crypt.crypt(password, password_hash), + {:ok, user} <- + User.reset_password(auth_user, %{password: password, password_confirmation: password}) do conn - |> assign(:user, auth_user) + |> assign(:auth_user, user) + |> assign(:user, user) else - conn + _ -> + conn end end -- cgit v1.2.3 From 70163aec9b9efc455e499c72a181bc31d75b37f0 Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 5 Sep 2018 22:31:57 +0200 Subject: Add LegacyAuthenticationPlug to router. --- lib/pleroma/web/router.ex | 3 +++ 1 file changed, 3 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index e8a02a192..f3604d465 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -16,6 +16,7 @@ defmodule Pleroma.Web.Router do plug(Pleroma.Plugs.BasicAuthDecoderPlug) plug(Pleroma.Plugs.UserFetcherPlug) plug(Pleroma.Plugs.SessionAuthenticationPlug) + plug(Pleroma.Plugs.LegacyAuthenticationPlug) plug(Pleroma.Plugs.AuthenticationPlug) plug(Pleroma.Plugs.UserEnabledPlug) plug(Pleroma.Plugs.SetUserSessionIdPlug) @@ -29,6 +30,7 @@ defmodule Pleroma.Web.Router do plug(Pleroma.Plugs.BasicAuthDecoderPlug) plug(Pleroma.Plugs.UserFetcherPlug) plug(Pleroma.Plugs.SessionAuthenticationPlug) + plug(Pleroma.Plugs.LegacyAuthenticationPlug) plug(Pleroma.Plugs.AuthenticationPlug) plug(Pleroma.Plugs.UserEnabledPlug) plug(Pleroma.Plugs.SetUserSessionIdPlug) @@ -42,6 +44,7 @@ defmodule Pleroma.Web.Router do plug(Pleroma.Plugs.BasicAuthDecoderPlug) plug(Pleroma.Plugs.UserFetcherPlug) plug(Pleroma.Plugs.SessionAuthenticationPlug) + plug(Pleroma.Plugs.LegacyAuthenticationPlug) plug(Pleroma.Plugs.AuthenticationPlug) plug(Pleroma.Plugs.UserEnabledPlug) plug(Pleroma.Plugs.SetUserSessionIdPlug) -- cgit v1.2.3 From 619f67768a9b66880d8541c03e640201bc378c99 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20K=C3=BChl?= Date: Wed, 5 Sep 2018 20:13:50 +0200 Subject: Mastodon API: Add unsupported attributes to relationship responses MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit These attributes are documented as required by the Mastodon API. Since we don’t support them (I think?), respond with default values. --- lib/pleroma/web/mastodon_api/views/account_view.ex | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/views/account_view.ex b/lib/pleroma/web/mastodon_api/views/account_view.ex index e206e6486..7915933be 100644 --- a/lib/pleroma/web/mastodon_api/views/account_view.ex +++ b/lib/pleroma/web/mastodon_api/views/account_view.ex @@ -75,8 +75,10 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do followed_by: User.following?(target, user), blocking: User.blocks?(user, target), muting: false, + muting_notifications: false, requested: false, - domain_blocking: false + domain_blocking: false, + showing_reblogs: false } end -- cgit v1.2.3 From c1d07da4e18cc2acd11a5a131e1482aec5996552 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20K=C3=BChl?= Date: Wed, 5 Sep 2018 20:14:16 +0200 Subject: Mastodon API: Fake support for loading filters --- lib/pleroma/web/mastodon_api/mastodon_api_controller.ex | 4 ++++ lib/pleroma/web/router.ex | 2 ++ 2 files changed, 6 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index 49a8655f0..f2fcc76ad 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -1188,4 +1188,8 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do json(conn, []) end end + + def filters(conn, _) do + json(conn, []) + end end diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 63493ae1c..9dcf44795 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -162,6 +162,8 @@ defmodule Pleroma.Web.Router do delete("/filters/:id", MastodonAPIController, :delete_filter) get("/suggestions", MastodonAPIController, :suggestions) + + get("/filters", MastodonAPIController, :filters) end scope "/api/web", Pleroma.Web.MastodonAPI do -- cgit v1.2.3 From 4e1bb7bccb196f26c55f6d3764e0066f81e92bd4 Mon Sep 17 00:00:00 2001 From: Hakaba Hitoyo Date: Sun, 9 Sep 2018 13:57:23 +0900 Subject: make limit for /api/v1/suggestions --- lib/pleroma/web/mastodon_api/mastodon_api_controller.ex | 3 ++- lib/pleroma/web/nodeinfo/nodeinfo_controller.ex | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index f2fcc76ad..e5d4245c4 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -1148,6 +1148,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do if Keyword.get(@suggestions, :enabled, false) do api = Keyword.get(@suggestions, :third_party_engine, "") timeout = Keyword.get(@suggestions, :timeout, 5000) + limit = Keyword.get(@suggestions, :limit, 23) host = Application.get_env(:pleroma, Pleroma.Web.Endpoint) @@ -1161,7 +1162,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do @httpoison.get(url, [], timeout: timeout, recv_timeout: timeout), {:ok, data} <- Jason.decode(body) do data2 = - Enum.slice(data, 0, 40) + Enum.slice(data, 0, limit) |> Enum.map(fn x -> Map.put( x, diff --git a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex index 67cef004a..9c4827426 100644 --- a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex +++ b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex @@ -59,6 +59,7 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do enabled: Keyword.get(suggestions, :enabled, false), thirdPartyEngine: Keyword.get(suggestions, :third_party_engine, ""), timeout: Keyword.get(suggestions, :timeout, 5000), + limit: Keyword.get(suggestions, :limit, 23), web: Keyword.get(suggestions, :web, "") }, staffAccounts: staff_accounts, -- cgit v1.2.3 From b79c126ee0977e44e21f275418862fede0e1f346 Mon Sep 17 00:00:00 2001 From: Dominique Feyer Date: Sun, 9 Sep 2018 23:31:47 +0200 Subject: Add missing URL encoding in create authorization redirect --- lib/pleroma/web/oauth/oauth_controller.ex | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/oauth/oauth_controller.ex b/lib/pleroma/web/oauth/oauth_controller.ex index 160cedd8e..8fe0dde6e 100644 --- a/lib/pleroma/web/oauth/oauth_controller.ex +++ b/lib/pleroma/web/oauth/oauth_controller.ex @@ -39,15 +39,18 @@ defmodule Pleroma.Web.OAuth.OAuthController do }) else connector = if String.contains?(redirect_uri, "?"), do: "&", else: "?" - url = "#{redirect_uri}#{connector}code=#{auth.token}" + url = "#{redirect_uri}#{connector}" + url_params = %{:code => auth.token} - url = + url_params = if params["state"] do - url <> "&state=#{params["state"]}" + Map.put(url_params, :state, params["state"]) else - url + url_params end + url = "#{url}#{Plug.Conn.Query.encode url_params}" + redirect(conn, external: url) end end -- cgit v1.2.3 From 801d645c6b457743873924cfbc1da3697dbb8df8 Mon Sep 17 00:00:00 2001 From: Dominique Feyer Date: Sun, 9 Sep 2018 23:42:28 +0200 Subject: TASK: Fix formatting --- lib/pleroma/web/oauth/oauth_controller.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/oauth/oauth_controller.ex b/lib/pleroma/web/oauth/oauth_controller.ex index 8fe0dde6e..5441ee0a8 100644 --- a/lib/pleroma/web/oauth/oauth_controller.ex +++ b/lib/pleroma/web/oauth/oauth_controller.ex @@ -49,7 +49,7 @@ defmodule Pleroma.Web.OAuth.OAuthController do url_params end - url = "#{url}#{Plug.Conn.Query.encode url_params}" + url = "#{url}#{Plug.Conn.Query.encode(url_params)}" redirect(conn, external: url) end -- cgit v1.2.3 From 255f46d7ab124d86a71e994deffca5f4f438b49b Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 9 Sep 2018 23:29:00 +0000 Subject: html: new module providing a configurable markup scrubbing policy --- lib/pleroma/html.ex | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 lib/pleroma/html.ex (limited to 'lib') diff --git a/lib/pleroma/html.ex b/lib/pleroma/html.ex new file mode 100644 index 000000000..0ec73a91d --- /dev/null +++ b/lib/pleroma/html.ex @@ -0,0 +1,14 @@ +defmodule Pleroma.HTML do + alias HtmlSanitizeEx.Scrubber + + @markup Application.get_env(:pleroma, :markup) + + def filter_tags(html) do + scrubber = Keyword.get(@markup, :scrub_policy) + html |> Scrubber.scrub(scrubber) + end + + def strip_tags(html) do + html |> Scrubber.scrub(Scrubber.StripTags) + end +end -- cgit v1.2.3 From ac486fc59b49d26db7c3b6b61d0affeb34f9b3e0 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 9 Sep 2018 23:40:24 +0000 Subject: everywhere: use Pleroma.HTML module instead of HtmlSanitizeEx directly --- lib/pleroma/formatter.ex | 7 ++++--- lib/pleroma/gopher/server.ex | 3 ++- lib/pleroma/web/mastodon_api/views/account_view.ex | 3 ++- lib/pleroma/web/mastodon_api/views/status_view.ex | 11 ++++++----- .../web/twitter_api/representers/activity_representer.ex | 5 +++-- lib/pleroma/web/twitter_api/views/activity_view.ex | 5 +++-- lib/pleroma/web/twitter_api/views/user_view.ex | 7 ++++--- 7 files changed, 24 insertions(+), 17 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/formatter.ex b/lib/pleroma/formatter.ex index 2b4c3c2aa..62f54a3f2 100644 --- a/lib/pleroma/formatter.ex +++ b/lib/pleroma/formatter.ex @@ -1,6 +1,7 @@ defmodule Pleroma.Formatter do alias Pleroma.User alias Pleroma.Web.MediaProxy + alias Pleroma.HTML @tag_regex ~r/\#\w+/u def parse_tags(text, data \\ %{}) do @@ -144,8 +145,8 @@ defmodule Pleroma.Formatter do def emojify(text, emoji) do Enum.reduce(emoji, text, fn {emoji, file}, text -> - emoji = HtmlSanitizeEx.strip_tags(emoji) - file = HtmlSanitizeEx.strip_tags(file) + emoji = HTML.strip_tags(emoji) + file = HTML.strip_tags(file) String.replace( text, @@ -154,7 +155,7 @@ defmodule Pleroma.Formatter do MediaProxy.url(file) }' />" ) - |> HtmlSanitizeEx.basic_html() + |> HTML.filter_tags() end) end diff --git a/lib/pleroma/gopher/server.ex b/lib/pleroma/gopher/server.ex index 97a1dea77..1ad27ef27 100644 --- a/lib/pleroma/gopher/server.ex +++ b/lib/pleroma/gopher/server.ex @@ -35,6 +35,7 @@ defmodule Pleroma.Gopher.Server.ProtocolHandler do alias Pleroma.User alias Pleroma.Activity alias Pleroma.Repo + alias Pleroma.HTML @instance Application.get_env(:pleroma, :instance) @gopher Application.get_env(:pleroma, :gopher) @@ -79,7 +80,7 @@ defmodule Pleroma.Gopher.Server.ProtocolHandler do info("#{like_count} likes, #{announcement_count} repeats") <> "i\tfake\t(NULL)\t0\r\n" <> info( - HtmlSanitizeEx.strip_tags( + HTML.strip_tags( String.replace(activity.data["object"]["content"], "
", "\r") ) ) diff --git a/lib/pleroma/web/mastodon_api/views/account_view.ex b/lib/pleroma/web/mastodon_api/views/account_view.ex index 7915933be..7c92c991f 100644 --- a/lib/pleroma/web/mastodon_api/views/account_view.ex +++ b/lib/pleroma/web/mastodon_api/views/account_view.ex @@ -4,6 +4,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do alias Pleroma.Web.MastodonAPI.AccountView alias Pleroma.Web.CommonAPI.Utils alias Pleroma.Web.MediaProxy + alias Pleroma.HTML def render("accounts.json", %{users: users} = opts) do render_many(users, AccountView, "account.json", opts) @@ -42,7 +43,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do followers_count: user_info.follower_count, following_count: user_info.following_count, statuses_count: user_info.note_count, - note: HtmlSanitizeEx.basic_html(user.bio) || "", + note: HTML.filter_tags(user.bio) || "", url: user.ap_id, avatar: image, avatar_static: image, diff --git a/lib/pleroma/web/mastodon_api/views/status_view.ex b/lib/pleroma/web/mastodon_api/views/status_view.ex index 6962aa54f..f1daa2624 100644 --- a/lib/pleroma/web/mastodon_api/views/status_view.ex +++ b/lib/pleroma/web/mastodon_api/views/status_view.ex @@ -5,6 +5,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do alias Pleroma.Web.CommonAPI.Utils alias Pleroma.Web.MediaProxy alias Pleroma.Repo + alias Pleroma.HTML # TODO: Add cached version. defp get_replied_to_activities(activities) do @@ -111,10 +112,10 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do emojis = (activity.data["object"]["emoji"] || []) |> Enum.map(fn {name, url} -> - name = HtmlSanitizeEx.strip_tags(name) + name = HTML.strip_tags(name) url = - HtmlSanitizeEx.strip_tags(url) + HTML.strip_tags(url) |> MediaProxy.url() %{shortcode: name, url: url, static_url: url} @@ -221,7 +222,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do object["content"] end - HtmlSanitizeEx.basic_html(content) + HTML.filter_tags(content) end def render_content(%{"type" => "Article"} = object) do @@ -234,10 +235,10 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do object["content"] end - HtmlSanitizeEx.basic_html(content) + HTML.filter_tags(content) end def render_content(object) do - HtmlSanitizeEx.basic_html(object["content"]) + HTML.filter_tags(object["content"]) end end diff --git a/lib/pleroma/web/twitter_api/representers/activity_representer.ex b/lib/pleroma/web/twitter_api/representers/activity_representer.ex index 9abea59a7..5c4eed671 100644 --- a/lib/pleroma/web/twitter_api/representers/activity_representer.ex +++ b/lib/pleroma/web/twitter_api/representers/activity_representer.ex @@ -7,6 +7,7 @@ defmodule Pleroma.Web.TwitterAPI.Representers.ActivityRepresenter do alias Pleroma.Web.TwitterAPI.{TwitterAPI, UserView, ActivityView} alias Pleroma.Web.CommonAPI.Utils alias Pleroma.Formatter + alias Pleroma.HTML defp user_by_ap_id(user_list, ap_id) do Enum.find(user_list, fn %{ap_id: user_id} -> ap_id == user_id end) @@ -167,7 +168,7 @@ defmodule Pleroma.Web.TwitterAPI.Representers.ActivityRepresenter do {summary, content} = ActivityView.render_content(object) html = - HtmlSanitizeEx.basic_html(content) + HTML.filter_tags(content) |> Formatter.emojify(object["emoji"]) video = @@ -184,7 +185,7 @@ defmodule Pleroma.Web.TwitterAPI.Representers.ActivityRepresenter do "uri" => activity.data["object"]["id"], "user" => UserView.render("show.json", %{user: user, for: opts[:for]}), "statusnet_html" => html, - "text" => HtmlSanitizeEx.strip_tags(content), + "text" => HTML.strip_tags(content), "is_local" => activity.local, "is_post_verb" => true, "created_at" => created_at, diff --git a/lib/pleroma/web/twitter_api/views/activity_view.ex b/lib/pleroma/web/twitter_api/views/activity_view.ex index 909eefdd8..666a35a24 100644 --- a/lib/pleroma/web/twitter_api/views/activity_view.ex +++ b/lib/pleroma/web/twitter_api/views/activity_view.ex @@ -11,6 +11,7 @@ defmodule Pleroma.Web.TwitterAPI.ActivityView do alias Pleroma.User alias Pleroma.Repo alias Pleroma.Formatter + alias Pleroma.HTML import Ecto.Query @@ -232,7 +233,7 @@ defmodule Pleroma.Web.TwitterAPI.ActivityView do {summary, content} = render_content(object) html = - HtmlSanitizeEx.basic_html(content) + HTML.filter_tags(content) |> Formatter.emojify(object["emoji"]) %{ @@ -240,7 +241,7 @@ defmodule Pleroma.Web.TwitterAPI.ActivityView do "uri" => activity.data["object"]["id"], "user" => UserView.render("show.json", %{user: user, for: opts[:for]}), "statusnet_html" => html, - "text" => HtmlSanitizeEx.strip_tags(content), + "text" => HTML.strip_tags(content), "is_local" => activity.local, "is_post_verb" => true, "created_at" => created_at, diff --git a/lib/pleroma/web/twitter_api/views/user_view.ex b/lib/pleroma/web/twitter_api/views/user_view.ex index 32f93153d..d67ef5f74 100644 --- a/lib/pleroma/web/twitter_api/views/user_view.ex +++ b/lib/pleroma/web/twitter_api/views/user_view.ex @@ -4,6 +4,7 @@ defmodule Pleroma.Web.TwitterAPI.UserView do alias Pleroma.Formatter alias Pleroma.Web.CommonAPI.Utils alias Pleroma.Web.MediaProxy + alias Pleroma.HTML def render("show.json", %{user: user = %User{}} = assigns) do render_one(user, Pleroma.Web.TwitterAPI.UserView, "user.json", assigns) @@ -39,8 +40,8 @@ defmodule Pleroma.Web.TwitterAPI.UserView do data = %{ "created_at" => user.inserted_at |> Utils.format_naive_asctime(), "description" => - HtmlSanitizeEx.strip_tags((user.bio || "") |> String.replace("
", "\n")), - "description_html" => HtmlSanitizeEx.basic_html(user.bio), + HTML.strip_tags((user.bio || "") |> String.replace("
", "\n")), + "description_html" => HTML.filter_tags(user.bio), "favourites_count" => 0, "followers_count" => user_info[:follower_count], "following" => following, @@ -49,7 +50,7 @@ defmodule Pleroma.Web.TwitterAPI.UserView do "friends_count" => user_info[:following_count], "id" => user.id, "name" => user.name, - "name_html" => HtmlSanitizeEx.strip_tags(user.name) |> Formatter.emojify(emoji), + "name_html" => HTML.strip_tags(user.name) |> Formatter.emojify(emoji), "profile_image_url" => image, "profile_image_url_https" => image, "profile_image_url_profile_size" => image, -- cgit v1.2.3 From 40e2f6e50034e81c3bf509e9dc9f2c938d86445d Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 10 Sep 2018 00:05:26 +0000 Subject: html: add default scrubbing profile and configuration knobs --- lib/pleroma/html.ex | 100 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 100 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/html.ex b/lib/pleroma/html.ex index 0ec73a91d..1c62f2ccc 100644 --- a/lib/pleroma/html.ex +++ b/lib/pleroma/html.ex @@ -12,3 +12,103 @@ defmodule Pleroma.HTML do html |> Scrubber.scrub(Scrubber.StripTags) end end + +defmodule Pleroma.HTML.Scrubber.TwitterText do + @moduledoc """ + An HTML scrubbing policy which limits to twitter-style text. Only + paragraphs, breaks and links are allowed through the filter. + """ + + require HtmlSanitizeEx.Scrubber.Meta + alias HtmlSanitizeEx.Scrubber.Meta + + @valid_schemes ["http", "https"] + + Meta.remove_cdata_sections_before_scrub() + Meta.strip_comments() + + # links + Meta.allow_tag_with_uri_attributes("a", ["href"], @valid_schemes) + Meta.allow_tag_with_these_attributes("a", ["name", "title"]) + + # paragraphs and linebreaks + Meta.allow_tag_with_these_attributes("br", []) + Meta.allow_tag_with_these_attributes("p", []) + + # microformats + Meta.allow_tag_with_these_attributes("span", []) +end + +defmodule Pleroma.HTML.Scrubber.Default do + @doc "The default HTML scrubbing policy: no " + + require HtmlSanitizeEx.Scrubber.Meta + alias HtmlSanitizeEx.Scrubber.Meta + + @valid_schemes ["http", "https"] + + Meta.remove_cdata_sections_before_scrub() + Meta.strip_comments() + + Meta.allow_tag_with_uri_attributes("a", ["href"], @valid_schemes) + Meta.allow_tag_with_these_attributes("a", ["name", "title"]) + + Meta.allow_tag_with_these_attributes("b", []) + Meta.allow_tag_with_these_attributes("blockquote", []) + Meta.allow_tag_with_these_attributes("br", []) + Meta.allow_tag_with_these_attributes("code", []) + Meta.allow_tag_with_these_attributes("del", []) + Meta.allow_tag_with_these_attributes("em", []) + Meta.allow_tag_with_these_attributes("i", []) + Meta.allow_tag_with_these_attributes("li", []) + Meta.allow_tag_with_these_attributes("ol", []) + Meta.allow_tag_with_these_attributes("p", []) + Meta.allow_tag_with_these_attributes("pre", []) + Meta.allow_tag_with_these_attributes("span", []) + Meta.allow_tag_with_these_attributes("strong", []) + Meta.allow_tag_with_these_attributes("u", []) + Meta.allow_tag_with_these_attributes("ul", []) + + @markup Application.get_env(:pleroma, :markup) + @allow_inline_images Keyword.get(@markup, :allow_inline_images) + + if @allow_inline_images do + Meta.allow_tag_with_uri_attributes("img", ["src"], @valid_schemes) + + Meta.allow_tag_with_these_attributes("img", [ + "width", + "height", + "title", + "alt" + ]) + end + + @allow_tables Keyword.get(@markup, :allow_tables) + + if @allow_tables do + Meta.allow_tag_with_these_attributes("table", []) + Meta.allow_tag_with_these_attributes("tbody", []) + Meta.allow_tag_with_these_attributes("td", []) + Meta.allow_tag_with_these_attributes("th", []) + Meta.allow_tag_with_these_attributes("thead", []) + Meta.allow_tag_with_these_attributes("tr", []) + end + + @allow_headings Keyword.get(@markup, :allow_headings) + + if @allow_headings do + Meta.allow_tag_with_these_attributes("h1", []) + Meta.allow_tag_with_these_attributes("h2", []) + Meta.allow_tag_with_these_attributes("h3", []) + Meta.allow_tag_with_these_attributes("h4", []) + Meta.allow_tag_with_these_attributes("h5", []) + end + + @allow_fonts Keyword.get(@markup, :allow_fonts) + + if @allow_fonts do + Meta.allow_tag_with_these_attributes("font", ["face"]) + end + + Meta.strip_everything_not_covered() +end -- cgit v1.2.3 From 358f88e10a7d3de0481309287b4b756087490dfc Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 10 Sep 2018 00:23:23 +0000 Subject: html: allow inline images by default (because of custom emoji) --- lib/pleroma/html.ex | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/html.ex b/lib/pleroma/html.ex index 1c62f2ccc..107784e70 100644 --- a/lib/pleroma/html.ex +++ b/lib/pleroma/html.ex @@ -37,6 +37,21 @@ defmodule Pleroma.HTML.Scrubber.TwitterText do # microformats Meta.allow_tag_with_these_attributes("span", []) + + # allow inline images for custom emoji + @markup Application.get_env(:pleroma, :markup) + @allow_inline_images Keyword.get(@markup, :allow_inline_images) + + if @allow_inline_images do + Meta.allow_tag_with_uri_attributes("img", ["src"], @valid_schemes) + + Meta.allow_tag_with_these_attributes("img", [ + "width", + "height", + "title", + "alt" + ]) + end end defmodule Pleroma.HTML.Scrubber.Default do -- cgit v1.2.3 From e82ce2a4b396e448181c7729db6dd850944db140 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 10 Sep 2018 00:28:40 +0000 Subject: formatting --- lib/pleroma/gopher/server.ex | 6 +----- lib/pleroma/web/twitter_api/views/user_view.ex | 3 +-- 2 files changed, 2 insertions(+), 7 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/gopher/server.ex b/lib/pleroma/gopher/server.ex index 1ad27ef27..d34037f4f 100644 --- a/lib/pleroma/gopher/server.ex +++ b/lib/pleroma/gopher/server.ex @@ -79,11 +79,7 @@ defmodule Pleroma.Gopher.Server.ProtocolHandler do link("Post ##{activity.id} by #{user.nickname}", "/notices/#{activity.id}") <> info("#{like_count} likes, #{announcement_count} repeats") <> "i\tfake\t(NULL)\t0\r\n" <> - info( - HTML.strip_tags( - String.replace(activity.data["object"]["content"], "
", "\r") - ) - ) + info(HTML.strip_tags(String.replace(activity.data["object"]["content"], "
", "\r"))) end) |> Enum.join("i\tfake\t(NULL)\t0\r\n") end diff --git a/lib/pleroma/web/twitter_api/views/user_view.ex b/lib/pleroma/web/twitter_api/views/user_view.ex index d67ef5f74..f2641047f 100644 --- a/lib/pleroma/web/twitter_api/views/user_view.ex +++ b/lib/pleroma/web/twitter_api/views/user_view.ex @@ -39,8 +39,7 @@ defmodule Pleroma.Web.TwitterAPI.UserView do data = %{ "created_at" => user.inserted_at |> Utils.format_naive_asctime(), - "description" => - HTML.strip_tags((user.bio || "") |> String.replace("
", "\n")), + "description" => HTML.strip_tags((user.bio || "") |> String.replace("
", "\n")), "description_html" => HTML.filter_tags(user.bio), "favourites_count" => 0, "followers_count" => user_info[:follower_count], -- cgit v1.2.3 From 97253df3ee0b38256ac19ebfafebbc69b162b14c Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 10 Sep 2018 00:53:37 +0000 Subject: MRF: simple policy: contain media removal/nsfw ops to create activities only --- lib/pleroma/web/activity_pub/mrf/simple_policy.ex | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/mrf/simple_policy.ex b/lib/pleroma/web/activity_pub/mrf/simple_policy.ex index 7fecb8a4f..49caef5b2 100644 --- a/lib/pleroma/web/activity_pub/mrf/simple_policy.ex +++ b/lib/pleroma/web/activity_pub/mrf/simple_policy.ex @@ -23,7 +23,8 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicy do end @media_removal Keyword.get(@mrf_policy, :media_removal) - defp check_media_removal(actor_info, object) do + defp check_media_removal(actor_info, %{"type" => activity_type} = object) + when activity_type == "Create" do if actor_info.host in @media_removal do child_object = Map.delete(object["object"], "attachment") object = Map.put(object, "object", child_object) @@ -33,8 +34,11 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicy do end end + defp check_media_removal(actor_info, object), do: {:ok, object} + @media_nsfw Keyword.get(@mrf_policy, :media_nsfw) - defp check_media_nsfw(actor_info, object) do + defp check_media_nsfw(actor_info, %{"type" => activity_type} = object) + when activity_type == "Create" do child_object = object["object"] if actor_info.host in @media_nsfw and child_object["attachment"] != nil and @@ -49,6 +53,8 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicy do end end + defp check_media_nsfw(actor_info, object), do: {:ok, object} + @ftl_removal Keyword.get(@mrf_policy, :federated_timeline_removal) defp check_ftl_removal(actor_info, object) do if actor_info.host in @ftl_removal do -- cgit v1.2.3 From 88094c266d74acccc6efa304dc0bd85638849a87 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 10 Sep 2018 01:06:44 +0000 Subject: MRF: simple policy: refactor module to use guards and pattern matching --- lib/pleroma/web/activity_pub/mrf/simple_policy.ex | 113 ++++++++++------------ 1 file changed, 52 insertions(+), 61 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/mrf/simple_policy.ex b/lib/pleroma/web/activity_pub/mrf/simple_policy.ex index 49caef5b2..319721d48 100644 --- a/lib/pleroma/web/activity_pub/mrf/simple_policy.ex +++ b/lib/pleroma/web/activity_pub/mrf/simple_policy.ex @@ -5,86 +5,77 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicy do @mrf_policy Application.get_env(:pleroma, :mrf_simple) @accept Keyword.get(@mrf_policy, :accept) - defp check_accept(actor_info, object) do - if length(@accept) > 0 and not (actor_info.host in @accept) do - {:reject, nil} - else - {:ok, object} - end + defp check_accept(%{host: actor_host} = actor_info, object) + when length(@accept) > 0 and not (actor_host in @accept) do + {:reject, nil} end + defp check_accept(actor_info, object), do: {:ok, object} + @reject Keyword.get(@mrf_policy, :reject) - defp check_reject(actor_info, object) do - if actor_info.host in @reject do - {:reject, nil} - else - {:ok, object} - end + defp check_reject(%{host: actor_host} = actor_info, object) when actor_host in @reject do + {:reject, nil} end + defp check_reject(actor_info, object), do: {:ok, object} + @media_removal Keyword.get(@mrf_policy, :media_removal) - defp check_media_removal(actor_info, %{"type" => activity_type} = object) - when activity_type == "Create" do - if actor_info.host in @media_removal do - child_object = Map.delete(object["object"], "attachment") - object = Map.put(object, "object", child_object) - {:ok, object} - else - {:ok, object} - end + defp check_media_removal(%{host: actor_host} = actor_info, %{"type" => "Create"} = object) + when actor_host in @media_removal do + child_object = Map.delete(object["object"], "attachment") + object = Map.put(object, "object", child_object) + {:ok, object} end defp check_media_removal(actor_info, object), do: {:ok, object} @media_nsfw Keyword.get(@mrf_policy, :media_nsfw) - defp check_media_nsfw(actor_info, %{"type" => activity_type} = object) - when activity_type == "Create" do - child_object = object["object"] - - if actor_info.host in @media_nsfw and child_object["attachment"] != nil and - length(child_object["attachment"]) > 0 do - tags = (child_object["tag"] || []) ++ ["nsfw"] - child_object = Map.put(child_object, "tags", tags) - child_object = Map.put(child_object, "sensitive", true) - object = Map.put(object, "object", child_object) - {:ok, object} - else - {:ok, object} - end + defp check_media_nsfw( + %{host: actor_host} = actor_info, + %{ + "type" => "Create", + "object" => %{"attachment" => child_attachment} = child_object + } = object + ) + when actor_host in @media_nsfw and length(child_attachment) > 0 do + tags = (child_object["tag"] || []) ++ ["nsfw"] + child_object = Map.put(child_object, "tags", tags) + child_object = Map.put(child_object, "sensitive", true) + object = Map.put(object, "object", child_object) + {:ok, object} end defp check_media_nsfw(actor_info, object), do: {:ok, object} @ftl_removal Keyword.get(@mrf_policy, :federated_timeline_removal) - defp check_ftl_removal(actor_info, object) do - if actor_info.host in @ftl_removal do - user = User.get_by_ap_id(object["actor"]) - - # flip to/cc relationship to make the post unlisted - object = - if "https://www.w3.org/ns/activitystreams#Public" in object["to"] and - user.follower_address in object["cc"] do - to = - List.delete(object["to"], "https://www.w3.org/ns/activitystreams#Public") ++ - [user.follower_address] - - cc = - List.delete(object["cc"], user.follower_address) ++ - ["https://www.w3.org/ns/activitystreams#Public"] - - object - |> Map.put("to", to) - |> Map.put("cc", cc) - else - object - end + defp check_ftl_removal(%{host: actor_host} = actor_info, object) + when actor_host in @ftl_removal do + user = User.get_by_ap_id(object["actor"]) - {:ok, object} - else - {:ok, object} - end + # flip to/cc relationship to make the post unlisted + object = + if "https://www.w3.org/ns/activitystreams#Public" in object["to"] and + user.follower_address in object["cc"] do + to = + List.delete(object["to"], "https://www.w3.org/ns/activitystreams#Public") ++ + [user.follower_address] + + cc = + List.delete(object["cc"], user.follower_address) ++ + ["https://www.w3.org/ns/activitystreams#Public"] + + object + |> Map.put("to", to) + |> Map.put("cc", cc) + else + object + end + + {:ok, object} end + defp check_ftl_removal(actor_info, object), do: {:ok, object} + @impl true def filter(object) do actor_info = URI.parse(object["actor"]) -- cgit v1.2.3 From e0b8c0ccba57cb8f920929c61b64c523f431edec Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 10 Sep 2018 01:13:38 +0000 Subject: MRF: reject non-public: use pattern match to remove unnecessary if block --- .../web/activity_pub/mrf/reject_non_public.ex | 65 +++++++++++----------- 1 file changed, 32 insertions(+), 33 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/mrf/reject_non_public.ex b/lib/pleroma/web/activity_pub/mrf/reject_non_public.ex index b6936fe90..129d04617 100644 --- a/lib/pleroma/web/activity_pub/mrf/reject_non_public.ex +++ b/lib/pleroma/web/activity_pub/mrf/reject_non_public.ex @@ -7,43 +7,42 @@ defmodule Pleroma.Web.ActivityPub.MRF.RejectNonPublic do @allow_direct Keyword.get(@mrf_rejectnonpublic, :allow_direct) @impl true - def filter(object) do - if object["type"] == "Create" do - user = User.get_cached_by_ap_id(object["actor"]) - public = "https://www.w3.org/ns/activitystreams#Public" - - # Determine visibility - visibility = - cond do - public in object["to"] -> "public" - public in object["cc"] -> "unlisted" - user.follower_address in object["to"] -> "followers" - true -> "direct" - end + def filter(%{"type" => "Create"} = object) do + user = User.get_cached_by_ap_id(object["actor"]) + public = "https://www.w3.org/ns/activitystreams#Public" - case visibility do - "public" -> - {:ok, object} + # Determine visibility + visibility = + cond do + public in object["to"] -> "public" + public in object["cc"] -> "unlisted" + user.follower_address in object["to"] -> "followers" + true -> "direct" + end - "unlisted" -> + case visibility do + "public" -> + {:ok, object} + + "unlisted" -> + {:ok, object} + + "followers" -> + with true <- @allow_followersonly do {:ok, object} + else + _e -> {:reject, nil} + end - "followers" -> - with true <- @allow_followersonly do - {:ok, object} - else - _e -> {:reject, nil} - end - - "direct" -> - with true <- @allow_direct do - {:ok, object} - else - _e -> {:reject, nil} - end - end - else - {:ok, object} + "direct" -> + with true <- @allow_direct do + {:ok, object} + else + _e -> {:reject, nil} + end end end + + @impl true + def filter(object), do: {:ok, object} end -- cgit v1.2.3 From d3248e13e3fb13ca5b841ba31ca6fa5f3f65b501 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 10 Sep 2018 01:57:03 +0000 Subject: activitypub: transmogrifier: allow profile updates from bots --- lib/pleroma/web/activity_pub/transmogrifier.ex | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index 4a3a82195..48c3aec97 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -355,9 +355,10 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do end def handle_incoming( - %{"type" => "Update", "object" => %{"type" => "Person"} = object, "actor" => actor_id} = + %{"type" => "Update", "object" => %{"type" => object_type} = object, "actor" => actor_id} = data - ) do + ) + when object_type in ["Person", "Application", "Service", "Organization"] do with %User{ap_id: ^actor_id} = actor <- User.get_by_ap_id(object["id"]) do {:ok, new_user_data} = ActivityPub.user_data_from_user_object(object) -- cgit v1.2.3 From 39aed5348ab61a1f18d18f4fcb3981b558034100 Mon Sep 17 00:00:00 2001 From: shadowfacts Date: Mon, 10 Sep 2018 23:32:19 +0000 Subject: Add visible_in_picker to status emojis --- lib/pleroma/web/mastodon_api/views/status_view.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/views/status_view.ex b/lib/pleroma/web/mastodon_api/views/status_view.ex index 6962aa54f..cdae2de7a 100644 --- a/lib/pleroma/web/mastodon_api/views/status_view.ex +++ b/lib/pleroma/web/mastodon_api/views/status_view.ex @@ -117,7 +117,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do HtmlSanitizeEx.strip_tags(url) |> MediaProxy.url() - %{shortcode: name, url: url, static_url: url} + %{shortcode: name, url: url, static_url: url, visible_in_picker: false} end) %{ -- cgit v1.2.3 From 95376ac1fe7a4d4a30932c6d74ca06782ba7c50a Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 10 Sep 2018 00:33:44 +0000 Subject: html: add the ability to override the default scrub policy --- lib/pleroma/html.ex | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/html.ex b/lib/pleroma/html.ex index 107784e70..a0c43b82c 100644 --- a/lib/pleroma/html.ex +++ b/lib/pleroma/html.ex @@ -3,9 +3,13 @@ defmodule Pleroma.HTML do @markup Application.get_env(:pleroma, :markup) + def filter_tags(html, scrubber) do + html |> Scrubber.scrub(scrubber) + end + def filter_tags(html) do scrubber = Keyword.get(@markup, :scrub_policy) - html |> Scrubber.scrub(scrubber) + filter_tags(html, scrubber) end def strip_tags(html) do -- cgit v1.2.3 From 342ed844464bd32f633959b5fd48711c29c01566 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 10 Sep 2018 00:48:28 +0000 Subject: MRF: add policy for normalizing HTML markup (local and remote) to a specific policy --- .../web/activity_pub/mrf/normalize_markup.ex | 25 ++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 lib/pleroma/web/activity_pub/mrf/normalize_markup.ex (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/mrf/normalize_markup.ex b/lib/pleroma/web/activity_pub/mrf/normalize_markup.ex new file mode 100644 index 000000000..b4f91f3cc --- /dev/null +++ b/lib/pleroma/web/activity_pub/mrf/normalize_markup.ex @@ -0,0 +1,25 @@ +defmodule Pleroma.Web.ActivityPub.MRF.NormalizeMarkup do + alias Pleroma.HTML + + @behaviour Pleroma.Web.ActivityPub.MRF + + @mrf_normalize_markup Application.get_env(:pleroma, :mrf_normalize_markup) + + def filter(%{"type" => activity_type} = object) when activity_type == "Create" do + scrub_policy = Keyword.get(@mrf_normalize_markup, :scrub_policy) + + child = object["object"] + + content = + child["content"] + |> HTML.filter_tags(scrub_policy) + + child = Map.put(child, "content", content) + + object = Map.put(object, "object", child) + + {:ok, object} + end + + def filter(object), do: {:ok, object} +end -- cgit v1.2.3 From cd13fa17fd8d2c959b4a257a3bdcf52e7f61ddf2 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 16 Sep 2018 02:07:01 +0000 Subject: html: allow scrubbing policies to be stackable --- lib/pleroma/html.ex | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/html.ex b/lib/pleroma/html.ex index a0c43b82c..1eb0fdc00 100644 --- a/lib/pleroma/html.ex +++ b/lib/pleroma/html.ex @@ -3,13 +3,24 @@ defmodule Pleroma.HTML do @markup Application.get_env(:pleroma, :markup) + defp get_scrubbers(scrubber) when is_atom(scrubber), do: [scrubber] + defp get_scrubbers(scrubbers) when is_list(scrubbers), do: scrubbers + defp get_scrubbers(_), do: [Pleroma.HTML.Scrubber.Default] + + def get_scrubbers() do + Keyword.get(@markup, :scrub_policy) + |> get_scrubbers + end + def filter_tags(html, scrubber) do html |> Scrubber.scrub(scrubber) end def filter_tags(html) do - scrubber = Keyword.get(@markup, :scrub_policy) - filter_tags(html, scrubber) + get_scrubbers() + |> Enum.reduce(html, fn scrubber, html -> + filter_tags(html, scrubber) + end) end def strip_tags(html) do -- cgit v1.2.3 From a7d0ecdc7c901476f064a9d9fbad639742d3b509 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 16 Sep 2018 02:07:32 +0000 Subject: html: add policy which transforms inline images to pass through the media proxy --- lib/pleroma/html.ex | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/html.ex b/lib/pleroma/html.ex index 1eb0fdc00..ab62dd1da 100644 --- a/lib/pleroma/html.ex +++ b/lib/pleroma/html.ex @@ -142,3 +142,34 @@ defmodule Pleroma.HTML.Scrubber.Default do Meta.strip_everything_not_covered() end + +defmodule Pleroma.HTML.Transform.MediaProxy do + @moduledoc "Transforms inline image URIs to use MediaProxy." + + alias Pleroma.Web.MediaProxy + + def before_scrub(html), do: html + + def scrub_attribute("img", {"src", "http" <> target}) do + media_url = + ("http" <> target) + |> MediaProxy.url() + + {"src", media_url} + end + + def scrub_attribute(tag, attribute), do: attribute + + def scrub({"img", attributes, children}) do + attributes = + attributes + |> Enum.map(fn attr -> scrub_attribute("img", attr) end) + |> Enum.reject(&is_nil(&1)) + + {"img", attributes, children} + end + + def scrub({tag, attributes, children}), do: {tag, attributes, children} + def scrub({tag, children}), do: children + def scrub(text), do: text +end -- cgit v1.2.3 From 9b0f2d572baae4afd19684f80625fe0791b9d6bc Mon Sep 17 00:00:00 2001 From: Dominique Feyer Date: Mon, 17 Sep 2018 12:21:01 +0200 Subject: Return 204 response on options request --- lib/pleroma/web/router.ex | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 856679899..43e301034 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -400,6 +400,8 @@ defmodule Pleroma.Web.Router do scope "/", Fallback do get("/registration/:token", RedirectController, :registration_page) get("/*path", RedirectController, :redirector) + + options("/*path", RedirectController, :empty) end end @@ -417,4 +419,10 @@ defmodule Fallback.RedirectController do def registration_page(conn, params) do redirector(conn, params) end + + def empty(conn, _params) do + conn + |> put_status(204) + |> text("") + end end -- cgit v1.2.3 From f4fcea5258a5dbffdf8929887251c64e32c2fd3e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20K=C3=BChl?= Date: Tue, 18 Sep 2018 11:57:33 +0200 Subject: Revert "Mastodon API: Fake support for loading filters" This reverts commit c1d07da4e18cc2acd11a5a131e1482aec5996552. The fake support was superseded by 6e030129fb33926e6a5bd75c27af6f657f9da2a5 which actually implements the faked filters API. This change removes the fake support and ensures that the actual implementation is used. --- lib/pleroma/web/mastodon_api/mastodon_api_controller.ex | 4 ---- lib/pleroma/web/router.ex | 2 -- 2 files changed, 6 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index e5d4245c4..031fc1a5d 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -1189,8 +1189,4 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do json(conn, []) end end - - def filters(conn, _) do - json(conn, []) - end end diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 856679899..d324efb7e 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -172,8 +172,6 @@ defmodule Pleroma.Web.Router do delete("/filters/:id", MastodonAPIController, :delete_filter) get("/suggestions", MastodonAPIController, :suggestions) - - get("/filters", MastodonAPIController, :filters) end scope "/api/web", Pleroma.Web.MastodonAPI do -- cgit v1.2.3 From 0cac493fdc783d717fca3486099aa18a698139fd Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Wed, 19 Sep 2018 04:57:28 +0000 Subject: mastodon api: default attachment type to image if one is not present --- lib/pleroma/web/mastodon_api/views/status_view.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/views/status_view.ex b/lib/pleroma/web/mastodon_api/views/status_view.ex index 8f6c4b062..284df837a 100644 --- a/lib/pleroma/web/mastodon_api/views/status_view.ex +++ b/lib/pleroma/web/mastodon_api/views/status_view.ex @@ -154,7 +154,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do def render("attachment.json", %{attachment: attachment}) do [attachment_url | _] = attachment["url"] - media_type = attachment_url["mediaType"] || attachment_url["mimeType"] + media_type = attachment_url["mediaType"] || attachment_url["mimeType"] || "image" href = attachment_url["href"] type = -- cgit v1.2.3 From c9585ec00760b46f013f36a7f7625ac36471d3e8 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Wed, 19 Sep 2018 04:58:17 +0000 Subject: twitter api: fix mimetype fallback when attachments use a URI instead of a URL object --- lib/pleroma/web/twitter_api/representers/object_representer.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/twitter_api/representers/object_representer.ex b/lib/pleroma/web/twitter_api/representers/object_representer.ex index 6aa794a59..d5291a397 100644 --- a/lib/pleroma/web/twitter_api/representers/object_representer.ex +++ b/lib/pleroma/web/twitter_api/representers/object_representer.ex @@ -17,7 +17,7 @@ defmodule Pleroma.Web.TwitterAPI.Representers.ObjectRepresenter do def to_map(%Object{data: %{"url" => url} = data}, _opts) when is_binary(url) do %{ url: url |> Pleroma.Web.MediaProxy.url(), - mimetype: data["mediaType"] || url["mimeType"], + mimetype: data["mediaType"] || data["mimeType"], id: data["uuid"], oembed: false, description: data["name"] -- cgit v1.2.3 From 43d0b7bf7ae0e44366a56a6e0b9172b0caedd14a Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Thu, 20 Sep 2018 16:10:46 +0200 Subject: [Pleroma.Web.MastodonAPI.StatusView] add replies_count --- lib/pleroma/web/mastodon_api/views/status_view.ex | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/views/status_view.ex b/lib/pleroma/web/mastodon_api/views/status_view.ex index 284df837a..ffc105196 100644 --- a/lib/pleroma/web/mastodon_api/views/status_view.ex +++ b/lib/pleroma/web/mastodon_api/views/status_view.ex @@ -63,6 +63,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do content: reblogged[:content], created_at: created_at, reblogs_count: 0, + replies_count: 0, favourites_count: 0, reblogged: false, favourited: false, @@ -132,6 +133,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do content: render_content(object), created_at: created_at, reblogs_count: announcement_count, + replies_count: 0, favourites_count: like_count, reblogged: !!repeated, favourited: !!favorited, -- cgit v1.2.3 From a8eaecadee1807af89e2917f4c1981e7981ad908 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Thu, 20 Sep 2018 16:22:31 +0200 Subject: [Pleroma.Web.MastodonAPI.AccountView]: relationship.json: fake endorsed value (false) --- lib/pleroma/web/mastodon_api/views/account_view.ex | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/views/account_view.ex b/lib/pleroma/web/mastodon_api/views/account_view.ex index 7c92c991f..3c8f93486 100644 --- a/lib/pleroma/web/mastodon_api/views/account_view.ex +++ b/lib/pleroma/web/mastodon_api/views/account_view.ex @@ -79,7 +79,8 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do muting_notifications: false, requested: false, domain_blocking: false, - showing_reblogs: false + showing_reblogs: false, + endorsed: false } end -- cgit v1.2.3 From 33a1e92584d9a7e4819677fd2e0754ef6edc418a Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Thu, 20 Sep 2018 16:25:07 +0200 Subject: [Pleroma.Web.Router]: Fake /api/v1/endorsements --- lib/pleroma/web/router.ex | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index d324efb7e..646e9e5cb 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -172,6 +172,8 @@ defmodule Pleroma.Web.Router do delete("/filters/:id", MastodonAPIController, :delete_filter) get("/suggestions", MastodonAPIController, :suggestions) + + get("/endorsements", MastodonAPIController, :empty_array) end scope "/api/web", Pleroma.Web.MastodonAPI do -- cgit v1.2.3 From f74725df41be8081e40d4c3ec5a3ba7ac27edf21 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Thu, 20 Sep 2018 16:37:18 +0200 Subject: [Pleroma.Web.MastodonAPI.MastodonAPIController]: Remove unused variables --- lib/pleroma/web/mastodon_api/mastodon_api_controller.ex | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index 031fc1a5d..6054abc0d 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -441,7 +441,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do new_data = %{object.data | "name" => description} change = Object.change(object, %{data: new_data}) - {:ok, media_obj} = Repo.update(change) + {:ok, _} = Repo.update(change) data = new_data @@ -1077,7 +1077,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end end - def get_filters(%{assigns: %{user: user}} = conn, params) do + def get_filters(%{assigns: %{user: user}} = conn, _) do filters = Pleroma.Filter.get_filters(user) res = FilterView.render("filters.json", filters: filters) json(conn, res) @@ -1101,7 +1101,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do json(conn, res) end - def get_filter(%{assigns: %{user: user}} = conn, %{"id" => filter_id} = params) do + def get_filter(%{assigns: %{user: user}} = conn, %{"id" => filter_id}) do filter = Pleroma.Filter.get(filter_id, user) res = FilterView.render("filter.json", filter: filter) json(conn, res) @@ -1126,13 +1126,13 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do json(conn, res) end - def delete_filter(%{assigns: %{user: user}} = conn, %{"id" => filter_id} = params) do + def delete_filter(%{assigns: %{user: user}} = conn, %{"id" => filter_id}) do query = %Pleroma.Filter{ user_id: user.id, filter_id: filter_id } - {:ok, response} = Pleroma.Filter.delete(query) + {:ok, _} = Pleroma.Filter.delete(query) json(conn, %{}) end -- cgit v1.2.3 From 40c51f118f463127b2538e04fe3b29f90f89055d Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Thu, 20 Sep 2018 16:48:12 +0200 Subject: [Pleroma.Web.MastodonAPI.MastodonAPIController]: Bump mastodon_api_level to 2.5.0 --- lib/pleroma/web/mastodon_api/mastodon_api_controller.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index 6054abc0d..3d292182d 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -125,7 +125,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end @instance Application.get_env(:pleroma, :instance) - @mastodon_api_level "2.4.3" + @mastodon_api_level "2.5.0" def masto_instance(conn, _params) do response = %{ -- cgit v1.2.3 From c9f6eb9a419b4c693cdb95c9f9e0fae724d4e415 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Wed, 19 Sep 2018 06:13:18 +0000 Subject: user: implement dynamic refresh of profiles (gets rid of need for fix_ap_users task) --- lib/pleroma/user.ex | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 1dad30e87..e3e6aa0d8 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -22,6 +22,7 @@ defmodule Pleroma.User do field(:info, :map, default: %{}) field(:follower_address, :string) field(:search_distance, :float, virtual: true) + field(:last_refreshed_at, :naive_datetime) has_many(:notifications, Notification) timestamps() @@ -112,8 +113,12 @@ defmodule Pleroma.User do end def upgrade_changeset(struct, params \\ %{}) do + params = + params + |> Map.put(:last_refreshed_at, NaiveDateTime.utc_now()) + struct - |> cast(params, [:bio, :name, :info, :follower_address, :avatar]) + |> cast(params, [:bio, :name, :info, :follower_address, :avatar, :last_refreshed_at]) |> unique_constraint(:nickname) |> validate_format(:nickname, ~r/^[a-zA-Z\d]+$/) |> validate_length(:bio, max: 5000) @@ -169,6 +174,16 @@ defmodule Pleroma.User do end end + def needs_update?(%User{local: true}), do: false + + def needs_update?(%User{local: false, last_refreshed_at: nil}), do: true + + def needs_update?(%User{local: false} = user) do + NaiveDateTime.diff(NaiveDateTime.utc_now(), user.last_refreshed_at) >= 86400 + end + + def needs_update?(_), do: true + def maybe_direct_follow(%User{} = follower, %User{info: info} = followed) do user_config = Application.get_env(:pleroma, :user) deny_follow_blocked = Keyword.get(user_config, :deny_follow_blocked) @@ -655,7 +670,9 @@ defmodule Pleroma.User do end def get_or_fetch_by_ap_id(ap_id) do - if user = get_by_ap_id(ap_id) do + user = get_by_ap_id(ap_id) + + if !is_nil(user) and !User.needs_update?(user) do user else ap_try = ActivityPub.make_user_from_ap_id(ap_id) -- cgit v1.2.3 From 8e28e8a18f330696d48070a138a6fa83ef7edfb2 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Thu, 20 Sep 2018 23:51:06 +0000 Subject: mix: remove fix_ap_users task, now obsolete --- lib/mix/tasks/fix_ap_users.ex | 28 ---------------------------- 1 file changed, 28 deletions(-) delete mode 100644 lib/mix/tasks/fix_ap_users.ex (limited to 'lib') diff --git a/lib/mix/tasks/fix_ap_users.ex b/lib/mix/tasks/fix_ap_users.ex deleted file mode 100644 index 7e970850e..000000000 --- a/lib/mix/tasks/fix_ap_users.ex +++ /dev/null @@ -1,28 +0,0 @@ -defmodule Mix.Tasks.FixApUsers do - use Mix.Task - import Ecto.Query - alias Pleroma.{Repo, User} - - @shortdoc "Grab all ap users again" - def run([]) do - Mix.Task.run("app.start") - - q = - from( - u in User, - where: fragment("? @> ?", u.info, ^%{"ap_enabled" => true}), - where: u.local == false - ) - - users = Repo.all(q) - - Enum.each(users, fn user -> - try do - IO.puts("Fetching #{user.nickname}") - Pleroma.Web.ActivityPub.Transmogrifier.upgrade_user_from_ap_id(user.ap_id, false) - rescue - e -> IO.inspect(e) - end - end) - end -end -- cgit v1.2.3 From 8ae9424edb753097f4c2093bbded946f938d99e7 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sat, 22 Sep 2018 01:10:53 +0000 Subject: html: default to using normal scrub policy if provided scrub policy is nil --- lib/pleroma/html.ex | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/html.ex b/lib/pleroma/html.ex index ab62dd1da..878fac28c 100644 --- a/lib/pleroma/html.ex +++ b/lib/pleroma/html.ex @@ -12,17 +12,19 @@ defmodule Pleroma.HTML do |> get_scrubbers end - def filter_tags(html, scrubber) do - html |> Scrubber.scrub(scrubber) - end - - def filter_tags(html) do + def filter_tags(html, nil) do get_scrubbers() |> Enum.reduce(html, fn scrubber, html -> filter_tags(html, scrubber) end) end + def filter_tags(html, scrubber) do + html |> Scrubber.scrub(scrubber) + end + + def filter_tags(html), do: filter_tags(html, nil) + def strip_tags(html) do html |> Scrubber.scrub(Scrubber.StripTags) end -- cgit v1.2.3 From 735cdfb8481af7ff78a0637fe5045d3f10961141 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sat, 22 Sep 2018 01:37:05 +0000 Subject: user: add User.html_filter_policy() --- lib/pleroma/user.ex | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index e3e6aa0d8..487bfce32 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -669,6 +669,12 @@ defmodule Pleroma.User do :ok end + def html_filter_policy(%User{info: %{"no_rich_text" => true}}) do + Pleroma.HTML.Scrubber.TwitterText + end + + def html_filter_policy(_), do: nil + def get_or_fetch_by_ap_id(ap_id) do user = get_by_ap_id(ap_id) -- cgit v1.2.3 From 2f5b026548a52d700a15f52243596f7010d3af57 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sat, 22 Sep 2018 02:13:54 +0000 Subject: twitter api: add support for user-specified html policy --- lib/pleroma/web/twitter_api/representers/activity_representer.ex | 2 +- lib/pleroma/web/twitter_api/views/activity_view.ex | 2 +- lib/pleroma/web/twitter_api/views/user_view.ex | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/twitter_api/representers/activity_representer.ex b/lib/pleroma/web/twitter_api/representers/activity_representer.ex index 5c4eed671..b21bbb205 100644 --- a/lib/pleroma/web/twitter_api/representers/activity_representer.ex +++ b/lib/pleroma/web/twitter_api/representers/activity_representer.ex @@ -168,7 +168,7 @@ defmodule Pleroma.Web.TwitterAPI.Representers.ActivityRepresenter do {summary, content} = ActivityView.render_content(object) html = - HTML.filter_tags(content) + HTML.filter_tags(content, User.html_filter_policy(opts[:for])) |> Formatter.emojify(object["emoji"]) video = diff --git a/lib/pleroma/web/twitter_api/views/activity_view.ex b/lib/pleroma/web/twitter_api/views/activity_view.ex index 666a35a24..b9fd062d6 100644 --- a/lib/pleroma/web/twitter_api/views/activity_view.ex +++ b/lib/pleroma/web/twitter_api/views/activity_view.ex @@ -233,7 +233,7 @@ defmodule Pleroma.Web.TwitterAPI.ActivityView do {summary, content} = render_content(object) html = - HTML.filter_tags(content) + HTML.filter_tags(content, User.html_filter_policy(opts[:for])) |> Formatter.emojify(object["emoji"]) %{ diff --git a/lib/pleroma/web/twitter_api/views/user_view.ex b/lib/pleroma/web/twitter_api/views/user_view.ex index f2641047f..cec9e11a0 100644 --- a/lib/pleroma/web/twitter_api/views/user_view.ex +++ b/lib/pleroma/web/twitter_api/views/user_view.ex @@ -40,7 +40,7 @@ defmodule Pleroma.Web.TwitterAPI.UserView do data = %{ "created_at" => user.inserted_at |> Utils.format_naive_asctime(), "description" => HTML.strip_tags((user.bio || "") |> String.replace("
", "\n")), - "description_html" => HTML.filter_tags(user.bio), + "description_html" => HTML.filter_tags(user.bio, User.html_filter_policy(assigns[:for])), "favourites_count" => 0, "followers_count" => user_info[:follower_count], "following" => following, -- cgit v1.2.3 From 958e085acb88d8bdcac4834a290238bc8527e678 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sat, 22 Sep 2018 02:14:25 +0000 Subject: mastodon api: add support for user-supplied html policy --- .../web/mastodon_api/mastodon_api_controller.ex | 20 ++++++++++---------- lib/pleroma/web/mastodon_api/views/account_view.ex | 6 ++++-- lib/pleroma/web/mastodon_api/views/status_view.ex | 14 ++++++++------ 3 files changed, 22 insertions(+), 18 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index 3d292182d..47ae61b5b 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -98,7 +98,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do CommonAPI.update(user) end - json(conn, AccountView.render("account.json", %{user: user})) + json(conn, AccountView.render("account.json", %{user: user, for: user})) else _e -> conn @@ -108,13 +108,13 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end def verify_credentials(%{assigns: %{user: user}} = conn, _) do - account = AccountView.render("account.json", %{user: user}) + account = AccountView.render("account.json", %{user: user, for: user}) json(conn, account) end - def user(conn, %{"id" => id}) do + def user(%{assigns: %{user: for_user}} = conn, %{"id" => id}) do with %User{} = user <- Repo.get(User, id) do - account = AccountView.render("account.json", %{user: user}) + account = AccountView.render("account.json", %{user: user, for: for_user}) json(conn, account) else _e -> @@ -588,7 +588,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do with %User{} = followed <- Repo.get_by(User, nickname: uri), {:ok, follower} <- User.maybe_direct_follow(follower, followed), {:ok, _activity} <- ActivityPub.follow(follower, followed) do - render(conn, AccountView, "account.json", %{user: followed}) + render(conn, AccountView, "account.json", %{user: followed, for: follower}) else {:error, message} -> conn @@ -858,7 +858,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do if user && token do mastodon_emoji = mastodonized_emoji() - accounts = Map.put(%{}, user.id, AccountView.render("account.json", %{user: user})) + accounts = Map.put(%{}, user.id, AccountView.render("account.json", %{user: user, for: user})) initial_state = %{ @@ -1038,7 +1038,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do id: id, type: "mention", created_at: created_at, - account: AccountView.render("account.json", %{user: actor}), + account: AccountView.render("account.json", %{user: actor, for: user}), status: StatusView.render("status.json", %{activity: activity, for: user}) } @@ -1049,7 +1049,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do id: id, type: "favourite", created_at: created_at, - account: AccountView.render("account.json", %{user: actor}), + account: AccountView.render("account.json", %{user: actor, for: user}), status: StatusView.render("status.json", %{activity: liked_activity, for: user}) } @@ -1060,7 +1060,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do id: id, type: "reblog", created_at: created_at, - account: AccountView.render("account.json", %{user: actor}), + account: AccountView.render("account.json", %{user: actor, for: user}), status: StatusView.render("status.json", %{activity: announced_activity, for: user}) } @@ -1069,7 +1069,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do id: id, type: "follow", created_at: created_at, - account: AccountView.render("account.json", %{user: actor}) + account: AccountView.render("account.json", %{user: actor, for: user}) } _ -> diff --git a/lib/pleroma/web/mastodon_api/views/account_view.ex b/lib/pleroma/web/mastodon_api/views/account_view.ex index 3c8f93486..96795c420 100644 --- a/lib/pleroma/web/mastodon_api/views/account_view.ex +++ b/lib/pleroma/web/mastodon_api/views/account_view.ex @@ -10,7 +10,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do render_many(users, AccountView, "account.json", opts) end - def render("account.json", %{user: user}) do + def render("account.json", %{user: user} = opts) do image = User.avatar_url(user) |> MediaProxy.url() header = User.banner_url(user) |> MediaProxy.url() user_info = User.user_info(user) @@ -33,6 +33,8 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do |> Enum.filter(fn %{"type" => t} -> t == "PropertyValue" end) |> Enum.map(fn fields -> Map.take(fields, ["name", "value"]) end) + bio = HTML.filter_tags(user.bio, User.html_filter_policy(opts[:for])) + %{ id: to_string(user.id), username: username_from_nickname(user.nickname), @@ -43,7 +45,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do followers_count: user_info.follower_count, following_count: user_info.following_count, statuses_count: user_info.note_count, - note: HTML.filter_tags(user.bio) || "", + note: bio || "", url: user.ap_id, avatar: image, avatar_static: image, diff --git a/lib/pleroma/web/mastodon_api/views/status_view.ex b/lib/pleroma/web/mastodon_api/views/status_view.ex index ffc105196..ef46ba4fc 100644 --- a/lib/pleroma/web/mastodon_api/views/status_view.ex +++ b/lib/pleroma/web/mastodon_api/views/status_view.ex @@ -122,6 +122,10 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do %{shortcode: name, url: url, static_url: url, visible_in_picker: false} end) + content = + render_content(object) + |> HTML.filter_tags(User.html_filter_policy(opts[:for])) + %{ id: to_string(activity.id), uri: object["id"], @@ -130,7 +134,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do in_reply_to_id: reply_to && to_string(reply_to.id), in_reply_to_account_id: reply_to_user && to_string(reply_to_user.id), reblog: nil, - content: render_content(object), + content: content, created_at: created_at, reblogs_count: announcement_count, replies_count: 0, @@ -224,7 +228,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do object["content"] end - HTML.filter_tags(content) + content end def render_content(%{"type" => "Article"} = object) do @@ -237,10 +241,8 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do object["content"] end - HTML.filter_tags(content) + content end - def render_content(object) do - HTML.filter_tags(object["content"]) - end + def render_content(object), do: object["content"] end -- cgit v1.2.3 From c2b69798dd924f287a720ad5a57feed99b14d609 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sat, 22 Sep 2018 02:17:19 +0000 Subject: twitter api: add support for disabling rich text --- lib/pleroma/web/twitter_api/twitter_api_controller.ex | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index b3a56b27e..cd2bb5b57 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -443,6 +443,20 @@ defmodule Pleroma.Web.TwitterAPI.Controller do user end + user = + if no_rich_text = params["no_rich_text"] do + with no_rich_text <- no_rich_text == "true", + new_info <- Map.put(user.info, "no_rich_text", no_rich_text), + change <- User.info_changeset(user, %{info: new_info}), + {:ok, user} <- User.update_and_set_cache(change) do + user + else + _e -> user + end + else + user + end + user = if default_scope = params["default_scope"] do with new_info <- Map.put(user.info, "default_scope", default_scope), -- cgit v1.2.3 From df00a364fb08263fa91d19bf8ed815f172c922da Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sat, 22 Sep 2018 02:48:42 +0000 Subject: mastodon api: formatting --- lib/pleroma/web/mastodon_api/mastodon_api_controller.ex | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index 47ae61b5b..391a79885 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -858,7 +858,9 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do if user && token do mastodon_emoji = mastodonized_emoji() - accounts = Map.put(%{}, user.id, AccountView.render("account.json", %{user: user, for: user})) + + accounts = + Map.put(%{}, user.id, AccountView.render("account.json", %{user: user, for: user})) initial_state = %{ -- cgit v1.2.3 From 56577d8b48fcb8046bf559e683f11045b3e98f51 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sat, 22 Sep 2018 03:20:25 +0000 Subject: twitter api: add no_rich_text option to userview for account prefs --- lib/pleroma/web/twitter_api/views/user_view.ex | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/twitter_api/views/user_view.ex b/lib/pleroma/web/twitter_api/views/user_view.ex index cec9e11a0..cfbaef4c9 100644 --- a/lib/pleroma/web/twitter_api/views/user_view.ex +++ b/lib/pleroma/web/twitter_api/views/user_view.ex @@ -64,7 +64,8 @@ defmodule Pleroma.Web.TwitterAPI.UserView do "background_image" => image_url(user.info["background"]) |> MediaProxy.url(), "is_local" => user.local, "locked" => !!user.info["locked"], - "default_scope" => user.info["default_scope"] || "public" + "default_scope" => user.info["default_scope"] || "public", + "no_rich_text" => user.info["no_rich_text"] || false } if assigns[:token] do -- cgit v1.2.3 From 7f0e291483881a5fa8bb714c65b911e8884c68d1 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sat, 22 Sep 2018 03:19:43 +0000 Subject: html: twittertext: add missing catchall scrub function --- lib/pleroma/html.ex | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/html.ex b/lib/pleroma/html.ex index 878fac28c..cf18f070c 100644 --- a/lib/pleroma/html.ex +++ b/lib/pleroma/html.ex @@ -69,6 +69,8 @@ defmodule Pleroma.HTML.Scrubber.TwitterText do "alt" ]) end + + Meta.strip_everything_not_covered() end defmodule Pleroma.HTML.Scrubber.Default do -- cgit v1.2.3 From f77ec96707bbce99725c4cad2ef5aea70511c6f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20K=C3=BChl?= Date: Mon, 24 Sep 2018 15:38:32 +0200 Subject: Uploaders.S3: Replace unsafe characters in object key MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit According to [the S3 docs][s3], the characters safe for use in object keys are: * 0-9 * a-z * A-Z * ! * - * _ * . * * * ' * ( * ) (The / character is not listed but mentioned being safe outside of the list.) Several characters that are valid in filenames can cause problems, for example spaces are not valid in URLs and need to be escaped, sequences of spaces can become squeezed by S3, some characters like \ are documented to require “significant special handling”. To avoid these problems, this change encodes the filename before using it as part of the S3 object name by replacing all characters except those documented as “safe” with dashes. [s3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html --- lib/pleroma/uploaders/s3.ex | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/uploaders/s3.ex b/lib/pleroma/uploaders/s3.ex index ce0ed3e34..87322753d 100644 --- a/lib/pleroma/uploaders/s3.ex +++ b/lib/pleroma/uploaders/s3.ex @@ -10,7 +10,7 @@ defmodule Pleroma.Uploaders.S3 do File.rm!(path) - s3_name = "#{uuid}/#{name}" + s3_name = "#{uuid}/#{encode(name)}" {:ok, _} = ExAws.S3.put_object(bucket, s3_name, file_data, [ @@ -21,4 +21,8 @@ defmodule Pleroma.Uploaders.S3 do {:ok, "#{public_endpoint}/#{bucket}/#{s3_name}"} end + + defp encode(name) do + String.replace(name, ~r/[^0-9a-zA-Z!.*'()_-]/, "-") + end end -- cgit v1.2.3 From 523757be52749b97ffcfad3d06ab6d0c0e2f8aab Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Fri, 21 Sep 2018 11:41:20 +0200 Subject: [Pleroma.Web.ActivityPub.ActivityPub]: Harden getting endpoints [kroeg] --- lib/pleroma/web/activity_pub/activity_pub.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 361e93e91..46dabd5de 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -683,7 +683,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do (Pleroma.Web.Salmon.remote_users(activity) ++ followers) |> Enum.filter(fn user -> User.ap_enabled?(user) end) |> Enum.map(fn %{info: %{"source_data" => data}} -> - (data["endpoints"] && data["endpoints"]["sharedInbox"]) || data["inbox"] + (is_map(data["endpoints"]) && Map.get(data["endpoints"], "sharedInbox")) || data["inbox"] end) |> Enum.uniq() |> Enum.filter(fn inbox -> should_federate?(inbox, public) end) -- cgit v1.2.3 From a4abb124eab7a03d8670c545cdbe029baad1c5f1 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Fri, 21 Sep 2018 12:43:35 +0200 Subject: [Pleroma.Web.ActivityPub.Transmogrifier]: Fix when inReplyTo is a inlined post [kroeg] --- lib/pleroma/web/activity_pub/transmogrifier.ex | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index 48c3aec97..3af3efbb3 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -96,8 +96,17 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do object end - def fix_in_reply_to(%{"inReplyTo" => in_reply_to_id} = object) - when not is_nil(in_reply_to_id) do + def fix_in_reply_to(%{"inReplyTo" => in_reply_to} = object) + when not is_nil(in_reply_to) do + in_reply_to_id = + if is_bitstring(in_reply_to) do + in_reply_to + else + if is_map(in_reply_to) && in_reply_to["id"] do + in_reply_to["id"] + end + end + case ActivityPub.fetch_object_from_id(in_reply_to_id) do {:ok, replied_object} -> with %Activity{} = activity <- -- cgit v1.2.3 From f8a0cb9c0be922a43ad9ccb6c712b4c598466573 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Fri, 21 Sep 2018 12:57:31 +0200 Subject: [Pleroma.Web.ActivityPub.Transmogrifier]: fix when attachment contain is just a Map [kroeg] --- lib/pleroma/web/activity_pub/transmogrifier.ex | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index 3af3efbb3..8677bc208 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -139,9 +139,9 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do |> Map.put("conversation", context) end - def fix_attachments(object) do + def fix_attachments(%{"attachment" => attachment} = object) when is_list(attachment) do attachments = - (object["attachment"] || []) + attachment |> Enum.map(fn data -> url = [%{"type" => "Link", "mediaType" => data["mediaType"], "href" => data["url"]}] Map.put(data, "url", url) @@ -151,6 +151,19 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do |> Map.put("attachment", attachments) end + def fix_attachments(%{"attachment" => attachment} = object) when is_map(attachment) do + attachment = + Map.put(attachment, "url", [ + %{"type" => "Link", "mediaType" => attachment["mediaType"], "href" => attachment["url"]} + ]) + + Map.put(object, "attachment", attachment) + end + + def fix_attachments(object) do + object + end + def fix_emoji(object) do tags = object["tag"] || [] emoji = tags |> Enum.filter(fn data -> data["type"] == "Emoji" and data["icon"] end) -- cgit v1.2.3 From 28e8a8ab36ea0bdb8f8412cb6192b2e728a96b90 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Fri, 21 Sep 2018 14:36:29 +0200 Subject: =?UTF-8?q?[Pleroma.Web.ActivityPub.Transmogrifier]:=20fix=20emoji?= =?UTF-8?q?=20in=20tag=20when=20it=E2=80=99s=20not=20in=20a=20array=20[kro?= =?UTF-8?q?eg]?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Also simplified the code for name trimming. And not copying the Map.merge part as it looks buggy. See: https://queer.hacktivis.me/objects/a9f21ebc-9a12-4a6c-89d5-3d46955c6ee8 --- lib/pleroma/web/activity_pub/transmogrifier.ex | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index 8677bc208..a37c8477f 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -164,21 +164,13 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do object end - def fix_emoji(object) do - tags = object["tag"] || [] + def fix_emoji(%{"tag" => tags} = object) when is_list(tags) do emoji = tags |> Enum.filter(fn data -> data["type"] == "Emoji" and data["icon"] end) emoji = emoji |> Enum.reduce(%{}, fn data, mapping -> - name = data["name"] - - name = - if String.starts_with?(name, ":") do - name |> String.slice(1..-2) - else - name - end + name = String.trim(data["name"], ":") mapping |> Map.put(name, data["icon"]["url"]) end) @@ -190,6 +182,18 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do |> Map.put("emoji", emoji) end + def fix_emoji(%{"tag" => %{"type" => "Emoji"} = tag} = object) do + name = String.trim(tag["name"], ":") + emoji = %{name => tag["icon"]["url"]} + + object + |> Map.put("emoji", emoji) + end + + def fix_emoji(object) do + object + end + def fix_tag(object) do tags = (object["tag"] || []) -- cgit v1.2.3 From 0aac72f1d3673d493ddf30908c50250472803e32 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Fri, 21 Sep 2018 14:46:49 +0200 Subject: [Pleroma.Web.ActivityPub.Transmogrifier]: quick fix when tag is a Map --- lib/pleroma/web/activity_pub/transmogrifier.ex | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index a37c8477f..8b0d65b6f 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -194,18 +194,22 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do object end - def fix_tag(object) do + def fix_tag(%{"tag" => tag} = object) when is_list(tag) do tags = - (object["tag"] || []) + tag |> Enum.filter(fn data -> data["type"] == "Hashtag" and data["name"] end) |> Enum.map(fn data -> String.slice(data["name"], 1..-1) end) - combined = (object["tag"] || []) ++ tags + combined = tag ++ tags object |> Map.put("tag", combined) end + def fix_tag(object) do + object + end + # content map usually only has one language so this will do for now. def fix_content_map(%{"contentMap" => content_map} = object) do content_groups = Map.to_list(content_map) -- cgit v1.2.3 From 22927f3a340529f7911989024b8220825d0b7a89 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Tue, 25 Sep 2018 17:12:29 +0200 Subject: transmogrifier: Use a cond, add proactive support for arrays --- lib/pleroma/web/activity_pub/transmogrifier.ex | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index 8b0d65b6f..ed5df6f7b 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -99,12 +99,12 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do def fix_in_reply_to(%{"inReplyTo" => in_reply_to} = object) when not is_nil(in_reply_to) do in_reply_to_id = - if is_bitstring(in_reply_to) do - in_reply_to - else - if is_map(in_reply_to) && in_reply_to["id"] do - in_reply_to["id"] - end + cond do + is_bitstring(in_reply_to) -> in_reply_to + is_map(in_reply_to) && is_bitstring(in_reply_to["id"]) -> in_reply_to["id"] + is_list(in_reply_to) && is_bitstring(Enum.at(in_reply_to, 0)) -> Enum.at(in_reply_to, 0) + # Maybe I should output an error too? + true -> "" end case ActivityPub.fetch_object_from_id(in_reply_to_id) do -- cgit v1.2.3 From f3291acc9181dcc365aaca583ae3fb1ff57019d1 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Wed, 26 Sep 2018 10:21:58 +0200 Subject: transmogrifier: pro-actively add support for Hashtag without array in tag --- lib/pleroma/web/activity_pub/transmogrifier.ex | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index ed5df6f7b..291d7d169 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -206,6 +206,13 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do |> Map.put("tag", combined) end + def fix_tag(%{"tag" => %{"type" => "Hashtag"} = tag} = object) do + combined = [tag ++ String.slice(tag["name"], 1..-1)] + + object + |> Map.put("tag", combined) + end + def fix_tag(object) do object end -- cgit v1.2.3 From eebe33e86a064f8dff43663af634f101d25f88b3 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Wed, 26 Sep 2018 11:27:00 +0200 Subject: transmogrifier: Add support for array-less hashtags, add broken announce, harden get_actor --- lib/pleroma/web/activity_pub/transmogrifier.ex | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index 291d7d169..704c76f70 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -21,13 +21,13 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do if is_binary(Enum.at(actor, 0)) do Enum.at(actor, 0) else - Enum.find(actor, fn %{"type" => type} -> type == "Person" end) + Enum.find(actor, fn %{"type" => type} -> type in ["Person", "Service", "Application"] end) |> Map.get("id") end end - def get_actor(%{"actor" => actor}) when is_map(actor) do - actor["id"] + def get_actor(%{"actor" => %{"id" => id}}) when is_bitstring(id) do + id end @doc """ @@ -206,8 +206,8 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do |> Map.put("tag", combined) end - def fix_tag(%{"tag" => %{"type" => "Hashtag"} = tag} = object) do - combined = [tag ++ String.slice(tag["name"], 1..-1)] + def fix_tag(%{"tag" => %{"type" => "Hashtag", "name" => hashtag} = tag} = object) do + combined = [tag, String.slice(hashtag, 1..-1)] object |> Map.put("tag", combined) -- cgit v1.2.3 From ed8dfa3029da8e6b20fca66d51c96c87e5eedbd9 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Wed, 26 Sep 2018 18:47:18 +0000 Subject: transmogrifier: reformat `cond` block by hand --- lib/pleroma/web/activity_pub/transmogrifier.ex | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index 704c76f70..868e773c4 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -100,11 +100,18 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do when not is_nil(in_reply_to) do in_reply_to_id = cond do - is_bitstring(in_reply_to) -> in_reply_to - is_map(in_reply_to) && is_bitstring(in_reply_to["id"]) -> in_reply_to["id"] - is_list(in_reply_to) && is_bitstring(Enum.at(in_reply_to, 0)) -> Enum.at(in_reply_to, 0) + is_bitstring(in_reply_to) -> + in_reply_to + + is_map(in_reply_to) && is_bitstring(in_reply_to["id"]) -> + in_reply_to["id"] + + is_list(in_reply_to) && is_bitstring(Enum.at(in_reply_to, 0)) -> + Enum.at(in_reply_to, 0) + # Maybe I should output an error too? - true -> "" + true -> + "" end case ActivityPub.fetch_object_from_id(in_reply_to_id) do -- cgit v1.2.3 From 4c3a80de96e92f27cc27213e7314a062e2d61845 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Wed, 26 Sep 2018 21:01:33 +0200 Subject: transmogrifier: Use oneliners when applicable --- lib/pleroma/web/activity_pub/transmogrifier.ex | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index 868e773c4..29d7b642b 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -167,9 +167,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do Map.put(object, "attachment", attachment) end - def fix_attachments(object) do - object - end + def fix_attachments(object), do: object def fix_emoji(%{"tag" => tags} = object) when is_list(tags) do emoji = tags |> Enum.filter(fn data -> data["type"] == "Emoji" and data["icon"] end) @@ -197,9 +195,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do |> Map.put("emoji", emoji) end - def fix_emoji(object) do - object - end + def fix_emoji(object), do: object def fix_tag(%{"tag" => tag} = object) when is_list(tag) do tags = @@ -220,9 +216,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do |> Map.put("tag", combined) end - def fix_tag(object) do - object - end + def fix_tag(object), do: object # content map usually only has one language so this will do for now. def fix_content_map(%{"contentMap" => content_map} = object) do -- cgit v1.2.3 From d830a243a34b1c41ac81f368bce565285bd89ab7 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Thu, 27 Sep 2018 07:14:15 +0000 Subject: transmogrifier: more robustly handle dereferencing pointer URIs --- lib/pleroma/web/activity_pub/transmogrifier.ex | 53 ++++++++++++++------------ 1 file changed, 29 insertions(+), 24 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index 29d7b642b..611c0e623 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -114,7 +114,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do "" end - case ActivityPub.fetch_object_from_id(in_reply_to_id) do + case fetch_obj_helper(in_reply_to_id) do {:ok, replied_object} -> with %Activity{} = activity <- Activity.get_create_activity_by_object_ap_id(replied_object.data["id"]) do @@ -323,7 +323,8 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do def handle_incoming( %{"type" => "Accept", "object" => follow_object, "actor" => actor, "id" => id} = data ) do - with %User{} = followed <- User.get_or_fetch_by_ap_id(actor), + with actor <- get_actor(data), + %User{} = followed <- User.get_or_fetch_by_ap_id(actor), {:ok, follow_activity} <- get_follow_activity(follow_object, followed), %User{local: true} = follower <- User.get_cached_by_ap_id(follow_activity.data["actor"]), {:ok, activity} <- @@ -347,7 +348,8 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do def handle_incoming( %{"type" => "Reject", "object" => follow_object, "actor" => actor, "id" => id} = data ) do - with %User{} = followed <- User.get_or_fetch_by_ap_id(actor), + with actor <- get_actor(data), + %User{} = followed <- User.get_or_fetch_by_ap_id(actor), {:ok, follow_activity} <- get_follow_activity(follow_object, followed), %User{local: true} = follower <- User.get_cached_by_ap_id(follow_activity.data["actor"]), {:ok, activity} <- @@ -367,11 +369,11 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do end def handle_incoming( - %{"type" => "Like", "object" => object_id, "actor" => actor, "id" => id} = _data + %{"type" => "Like", "object" => object_id, "actor" => actor, "id" => id} = data ) do - with %User{} = actor <- User.get_or_fetch_by_ap_id(actor), - {:ok, object} <- - get_obj_helper(object_id) || ActivityPub.fetch_object_from_id(object_id), + with actor <- get_actor(data), + %User{} = actor <- User.get_or_fetch_by_ap_id(actor), + {:ok, object} <- get_obj_helper(object_id) || fetch_obj_helper(object_id), {:ok, activity, _object} <- ActivityPub.like(actor, object, id, false) do {:ok, activity} else @@ -380,11 +382,11 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do end def handle_incoming( - %{"type" => "Announce", "object" => object_id, "actor" => actor, "id" => id} = _data + %{"type" => "Announce", "object" => object_id, "actor" => actor, "id" => id} = data ) do - with %User{} = actor <- User.get_or_fetch_by_ap_id(actor), - {:ok, object} <- - get_obj_helper(object_id) || ActivityPub.fetch_object_from_id(object_id), + with actor <- get_actor(data), + %User{} = actor <- User.get_or_fetch_by_ap_id(actor), + {:ok, object} <- get_obj_helper(object_id) || fetch_obj_helper(object_id), {:ok, activity, _object} <- ActivityPub.announce(actor, object, id, false) do {:ok, activity} else @@ -428,13 +430,13 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do # TODO: Make secure. def handle_incoming( - %{"type" => "Delete", "object" => object_id, "actor" => actor, "id" => _id} = _data + %{"type" => "Delete", "object" => object_id, "actor" => actor, "id" => _id} = data ) do object_id = Utils.get_ap_id(object_id) - with %User{} = _actor <- User.get_or_fetch_by_ap_id(actor), - {:ok, object} <- - get_obj_helper(object_id) || ActivityPub.fetch_object_from_id(object_id), + with actor <- get_actor(data), + %User{} = _actor <- User.get_or_fetch_by_ap_id(actor), + {:ok, object} <- get_obj_helper(object_id) || fetch_obj_helper(object_id), {:ok, activity} <- ActivityPub.delete(object, false) do {:ok, activity} else @@ -448,11 +450,11 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do "object" => %{"type" => "Announce", "object" => object_id}, "actor" => actor, "id" => id - } = _data + } = data ) do - with %User{} = actor <- User.get_or_fetch_by_ap_id(actor), - {:ok, object} <- - get_obj_helper(object_id) || ActivityPub.fetch_object_from_id(object_id), + with actor <- get_actor(data), + %User{} = actor <- User.get_or_fetch_by_ap_id(actor), + {:ok, object} <- get_obj_helper(object_id) || fetch_obj_helper(object_id), {:ok, activity, _} <- ActivityPub.unannounce(actor, object, id, false) do {:ok, activity} else @@ -521,11 +523,11 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do "object" => %{"type" => "Like", "object" => object_id}, "actor" => actor, "id" => id - } = _data + } = data ) do - with %User{} = actor <- User.get_or_fetch_by_ap_id(actor), - {:ok, object} <- - get_obj_helper(object_id) || ActivityPub.fetch_object_from_id(object_id), + with actor <- get_actor(data), + %User{} = actor <- User.get_or_fetch_by_ap_id(actor), + {:ok, object} <- get_obj_helper(object_id) || fetch_obj_helper(object_id), {:ok, activity, _, _} <- ActivityPub.unlike(actor, object, id, false) do {:ok, activity} else @@ -535,6 +537,9 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do def handle_incoming(_), do: :error + def fetch_obj_helper(id) when is_bitstring(id), do: ActivityPub.fetch_object_from_id(id) + def fetch_obj_helper(obj) when is_map(obj), do: ActivityPub.fetch_object_from_id(obj["id"]) + def get_obj_helper(id) do if object = Object.normalize(id), do: {:ok, object}, else: nil end @@ -630,7 +635,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do def maybe_fix_object_url(data) do if is_binary(data["object"]) and not String.starts_with?(data["object"], "http") do - case ActivityPub.fetch_object_from_id(data["object"]) do + case fetch_obj_helper(data["object"]) do {:ok, relative_object} -> if relative_object.data["external_url"] do _data = -- cgit v1.2.3 From e53da692fbdae3bcf9a7d528bf0d6bd170669052 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Thu, 27 Sep 2018 11:10:54 +0200 Subject: transmogrifier: Use the correct variable and prefer inspect in case of a bad type being passed on --- lib/pleroma/web/activity_pub/transmogrifier.ex | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index 611c0e623..7bdb9594a 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -126,12 +126,12 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do |> Map.put("context", replied_object.data["context"] || object["conversation"]) else e -> - Logger.error("Couldn't fetch #{object["inReplyTo"]} #{inspect(e)}") + Logger.error("Couldn't fetch \"#{inspect(in_reply_to_id)}\", error: #{inspect(e)}") object end e -> - Logger.error("Couldn't fetch #{object["inReplyTo"]} #{inspect(e)}") + Logger.error("Couldn't fetch \"#{inspect(in_reply_to_id)}\", error: #{inspect(e)}") object end end -- cgit v1.2.3 From 9446b02bdf2b642ee5f862c4fccbbe9217a2e3b8 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Thu, 27 Sep 2018 11:38:30 +0200 Subject: transmogrifier: Just make attachement maps into a list and reroll --- lib/pleroma/web/activity_pub/transmogrifier.ex | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index 7bdb9594a..76998c802 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -159,12 +159,8 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do end def fix_attachments(%{"attachment" => attachment} = object) when is_map(attachment) do - attachment = - Map.put(attachment, "url", [ - %{"type" => "Link", "mediaType" => attachment["mediaType"], "href" => attachment["url"]} - ]) - - Map.put(object, "attachment", attachment) + Map.put(object, "attachment", [attachment]) + |> fix_attachments() end def fix_attachments(object), do: object -- cgit v1.2.3 From c739737998538632f595c03fcedbdb5178ad83b6 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Thu, 27 Sep 2018 11:51:36 +0200 Subject: transmogrifier: get_actor called without casting attributedTo in actor and actor is nil --- lib/pleroma/web/activity_pub/transmogrifier.ex | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index 76998c802..aece77a54 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -30,6 +30,10 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do id end + def get_actor(%{"actor" => nil, "attributedTo" => actor}) when not is_nil(actor) do + get_actor(%{"actor" => actor}) + end + @doc """ Checks that an imported AP object's actor matches the domain it came from. """ -- cgit v1.2.3 From 5c312ad677ffd0b622aea61efa50eae68efbecf8 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Fri, 28 Sep 2018 00:01:54 +0000 Subject: activitypub inbox: only accept unsigned/invalid-signature relayed creates, nothing else although the previous handling assumed any unsigned/invalid signature message was a Create, lets make it more explicit --- .../web/activity_pub/activity_pub_controller.ex | 24 +++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/activity_pub_controller.ex b/lib/pleroma/web/activity_pub/activity_pub_controller.ex index 52b2a467e..2750add8b 100644 --- a/lib/pleroma/web/activity_pub/activity_pub_controller.ex +++ b/lib/pleroma/web/activity_pub/activity_pub_controller.ex @@ -93,19 +93,29 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do json(conn, "ok") end + # only accept relayed Creates + def inbox(conn, %{"type" => "Create"} = params) do + Logger.info( + "Signature missing or not from author, relayed Create message, fetching object from source" + ) + + ActivityPub.fetch_object_from_id(params["object"]["id"]) + + json(conn, "ok") + end + def inbox(conn, params) do headers = Enum.into(conn.req_headers, %{}) - if !String.contains?(headers["signature"] || "", params["actor"]) do - Logger.info("Signature not from author, relayed message, fetching from source") - ActivityPub.fetch_object_from_id(params["object"]["id"]) - else - Logger.info("Signature error - make sure you are forwarding the HTTP Host header!") - Logger.info("Could not validate #{params["actor"]}") + if String.contains?(headers["signature"], params["actor"]) do + Logger.info( + "Signature validation error for: #{params["actor"]}, make sure you are forwarding the HTTP Host header!" + ) + Logger.info(inspect(conn.req_headers)) end - json(conn, "ok") + json(conn, "error") end def relay(conn, params) do -- cgit v1.2.3 From 707077edde1fd8b98d5a2e89f63a5f821e33bd0f Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Fri, 28 Sep 2018 00:44:15 +0000 Subject: activitypub: don't fall back to OStatus fetching when MRF rejects an object --- lib/pleroma/web/activity_pub/activity_pub.ex | 3 +++ 1 file changed, 3 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 46dabd5de..e03e7c471 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -756,6 +756,9 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do {:ok, activity} <- Transmogrifier.handle_incoming(params) do {:ok, Object.normalize(activity.data["object"])} else + {:reject, nil} -> + {:reject, nil} + object = %Object{} -> {:ok, object} -- cgit v1.2.3 From 82b57ebad1b5de0fc4614441e8838cbdb4fe32b3 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Thu, 27 Sep 2018 20:17:44 +0200 Subject: [Pleroma.Web.TwitterAPI.UserView]: Add mastodon-fields in "fields" --- lib/pleroma/web/twitter_api/views/user_view.ex | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/twitter_api/views/user_view.ex b/lib/pleroma/web/twitter_api/views/user_view.ex index cfbaef4c9..a662f83b6 100644 --- a/lib/pleroma/web/twitter_api/views/user_view.ex +++ b/lib/pleroma/web/twitter_api/views/user_view.ex @@ -37,6 +37,13 @@ defmodule Pleroma.Web.TwitterAPI.UserView do {String.trim(name, ":"), url} end) + # ``fields`` is an array of mastodon profile field, containing ``{"name": "…", "value": "…"}``. + # For example: [{"name": "Pronoun", "value": "she/her"}, …] + fields = + (user.info["source_data"]["attachment"] || []) + |> Enum.filter(fn %{"type" => t} -> t == "PropertyValue" end) + |> Enum.map(fn fields -> Map.take(fields, ["name", "value"]) end) + data = %{ "created_at" => user.inserted_at |> Utils.format_naive_asctime(), "description" => HTML.strip_tags((user.bio || "") |> String.replace("
", "\n")), @@ -65,7 +72,8 @@ defmodule Pleroma.Web.TwitterAPI.UserView do "is_local" => user.local, "locked" => !!user.info["locked"], "default_scope" => user.info["default_scope"] || "public", - "no_rich_text" => user.info["no_rich_text"] || false + "no_rich_text" => user.info["no_rich_text"] || false, + "fields" => fields } if assigns[:token] do -- cgit v1.2.3 From a3cffd3566495edfe823b75142524717d0b64b24 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Fri, 28 Sep 2018 17:20:28 +0200 Subject: formatter: Stop using phoenix HTML and format it ourselves MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Pheonix has an extra scheme whitelist conflicting with ours * Pheonix doesn’t seems to do URL encoding, just HTML encoding Closes: https://git.pleroma.social/pleroma/pleroma/issues/307 --- lib/pleroma/formatter.ex | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/formatter.ex b/lib/pleroma/formatter.ex index 62f54a3f2..d5565a2ca 100644 --- a/lib/pleroma/formatter.ex +++ b/lib/pleroma/formatter.ex @@ -222,13 +222,7 @@ defmodule Pleroma.Formatter do subs = subs ++ Enum.map(links, fn {uuid, url} -> - {:safe, link} = Phoenix.HTML.Link.link(url, to: url) - - link = - link - |> IO.iodata_to_binary() - - {uuid, link} + {uuid, "#{url}"} end) {subs, uuid_text} -- cgit v1.2.3 From 4db1bc2c0ebbeca592b7bbe300782420ee08c304 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 30 Sep 2018 05:25:28 +0000 Subject: activitypub: fix error condition match --- lib/pleroma/web/activity_pub/activity_pub.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index e03e7c471..fc191addf 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -756,7 +756,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do {:ok, activity} <- Transmogrifier.handle_incoming(params) do {:ok, Object.normalize(activity.data["object"])} else - {:reject, nil} -> + {:error, {:reject, nil}} -> {:reject, nil} object = %Object{} -> -- cgit v1.2.3 From 8226953f1df81513ff9faa364c2a841c68adff0b Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Wed, 5 Sep 2018 23:06:55 +0200 Subject: [Pleroma.Web.Nodeinfo.NodeinfoController]: Transparency on MRF Simple --- lib/pleroma/web/nodeinfo/nodeinfo_controller.ex | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex index 9c4827426..184b81c25 100644 --- a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex +++ b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex @@ -26,6 +26,7 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do chat = Application.get_env(:pleroma, :chat) gopher = Application.get_env(:pleroma, :gopher) stats = Stats.get_stats() + mrf_simple = Application.get_env(:pleroma, :mrf_simple) staff_accounts = User.moderator_user_query() @@ -64,7 +65,8 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do }, staffAccounts: staff_accounts, chat: Keyword.get(chat, :enabled), - gopher: Keyword.get(gopher, :enabled) + gopher: Keyword.get(gopher, :enabled), + mrf_simple: Enum.into(mrf_simple, %{}) } } -- cgit v1.2.3 From 56d31db13043dd9215991adf7a4319f51e42086f Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Mon, 1 Oct 2018 11:51:12 +0200 Subject: Pleroma.Web.Nodeinfo.NodeinfoController: Further transparency, breaks API of previous one --- lib/pleroma/web/nodeinfo/nodeinfo_controller.ex | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex index 184b81c25..3b495ad86 100644 --- a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex +++ b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex @@ -28,6 +28,13 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do stats = Stats.get_stats() mrf_simple = Application.get_env(:pleroma, :mrf_simple) + mrf_policies = + if(is_list(instance.rewrite_policy)) do + instance.rewrite_policy + else + [instance.rewrite_policy] + end + staff_accounts = User.moderator_user_query() |> Repo.all() @@ -66,7 +73,11 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do staffAccounts: staff_accounts, chat: Keyword.get(chat, :enabled), gopher: Keyword.get(gopher, :enabled), - mrf_simple: Enum.into(mrf_simple, %{}) + federation: %{ + mrf_policies: mrf_policies, + mrf_simple: mrf_simple, + quarantined_instances: instance.quarantined_instances + } } } -- cgit v1.2.3 From 28651df478bd8a69f66c4e613076324bb154969d Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Thu, 4 Oct 2018 13:37:17 +0200 Subject: MRF Transparency --- lib/pleroma/web/nodeinfo/nodeinfo_controller.ex | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex index 3b495ad86..1f1b0282c 100644 --- a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex +++ b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex @@ -28,11 +28,23 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do stats = Stats.get_stats() mrf_simple = Application.get_env(:pleroma, :mrf_simple) + mrf_policies = Keyword.get(instance, :rewrite_policy) + mrf_policies = - if(is_list(instance.rewrite_policy)) do - instance.rewrite_policy + if(is_list(mrf_policies)) do + mrf_policies + |> Enum.map(fn policy -> to_string(policy) |> String.split(".") |> List.last() end) + else + [to_string(mrf_policies) |> String.split(".") |> List.last()] + end + + quarantined = Keyword.get(instance, :quarantined_instances) + + quarantined = + if is_list(quarantined) do + quarantined else - [instance.rewrite_policy] + [] end staff_accounts = @@ -76,7 +88,7 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do federation: %{ mrf_policies: mrf_policies, mrf_simple: mrf_simple, - quarantined_instances: instance.quarantined_instances + quarantined_instances: quarantined } } } -- cgit v1.2.3 From f2efc8dcfbede6df655b3e85af6327802118c185 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Fri, 5 Oct 2018 22:32:53 +0200 Subject: nodeinfo_controller: Fix JSON rendering This is the last noedinfo difference from my own branch --- lib/pleroma/web/nodeinfo/nodeinfo_controller.ex | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex index 1f1b0282c..860468506 100644 --- a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex +++ b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex @@ -26,7 +26,10 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do chat = Application.get_env(:pleroma, :chat) gopher = Application.get_env(:pleroma, :gopher) stats = Stats.get_stats() - mrf_simple = Application.get_env(:pleroma, :mrf_simple) + + mrf_simple = + Application.get_env(:pleroma, :mrf_simple) + |> Enum.into(%{}) mrf_policies = Keyword.get(instance, :rewrite_policy) -- cgit v1.2.3 From b1be9415effadf81e557eddee3f60bdf0fa359af Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 2 Sep 2018 00:14:25 +0000 Subject: Revert "Merge branch 'revert-a26d5e6b' into 'develop'" This reverts commit d31bbb1cfe04ca6073a322bcf77239e7d4b79839, reversing changes made to 340ab3cb9068d444b77213e07beb8c2c3ca128b9. --- lib/pleroma/formatter.ex | 6 +++- lib/pleroma/web/common_api/common_api.ex | 9 +++++- lib/pleroma/web/common_api/utils.ex | 34 +++++++++++++++++++--- .../web/twitter_api/twitter_api_controller.ex | 2 +- 4 files changed, 44 insertions(+), 7 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/formatter.ex b/lib/pleroma/formatter.ex index d5565a2ca..c0a176184 100644 --- a/lib/pleroma/formatter.ex +++ b/lib/pleroma/formatter.ex @@ -192,7 +192,11 @@ defmodule Pleroma.Formatter do ] # TODO: make it use something other than @link_regex - def html_escape(text) do + def html_escape(text, "text/html") do + HtmlSanitizeEx.basic_html(text) + end + + def html_escape(text, "text/plain") do Regex.split(@link_regex, text, include_captures: true) |> Enum.map_every(2, fn chunk -> {:safe, part} = Phoenix.HTML.html_escape(chunk) diff --git a/lib/pleroma/web/common_api/common_api.ex b/lib/pleroma/web/common_api/common_api.ex index 125c57d05..2ab50c968 100644 --- a/lib/pleroma/web/common_api/common_api.ex +++ b/lib/pleroma/web/common_api/common_api.ex @@ -85,7 +85,14 @@ defmodule Pleroma.Web.CommonAPI do {to, cc} <- to_for_user_and_mentions(user, mentions, inReplyTo, visibility), tags <- Formatter.parse_tags(status, data), content_html <- - make_content_html(status, mentions, attachments, tags, data["no_attachment_links"]), + make_content_html( + status, + mentions, + attachments, + tags, + data["content_type"] || "text/plain", + data["no_attachment_links"] + ), context <- make_context(inReplyTo), cw <- data["spoiler_text"], object <- diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex index 358ca22ac..667027c02 100644 --- a/lib/pleroma/web/common_api/utils.ex +++ b/lib/pleroma/web/common_api/utils.ex @@ -63,9 +63,16 @@ defmodule Pleroma.Web.CommonAPI.Utils do end end - def make_content_html(status, mentions, attachments, tags, no_attachment_links \\ false) do + def make_content_html( + status, + mentions, + attachments, + tags, + content_type, + no_attachment_links \\ false + ) do status - |> format_input(mentions, tags) + |> format_input(mentions, tags, content_type) |> maybe_add_attachments(attachments, no_attachment_links) end @@ -92,9 +99,9 @@ defmodule Pleroma.Web.CommonAPI.Utils do Enum.join([text | attachment_text], "
") end - def format_input(text, mentions, tags) do + def format_input(text, mentions, tags, "text/plain") do text - |> Formatter.html_escape() + |> Formatter.html_escape("text/plain") |> String.replace(~r/\r?\n/, "
") |> (&{[], &1}).() |> Formatter.add_links() @@ -103,6 +110,25 @@ defmodule Pleroma.Web.CommonAPI.Utils do |> Formatter.finalize() end + def format_input(text, mentions, tags, "text/html") do + text + |> Formatter.html_escape("text/html") + |> String.replace(~r/\r?\n/, "
") + |> (&{[], &1}).() + |> Formatter.add_user_links(mentions) + |> Formatter.finalize() + end + + def format_input(text, mentions, tags, "text/markdown") do + text + |> Earmark.as_html!() + |> Formatter.html_escape("text/html") + |> String.replace(~r/\r?\n/, "") + |> (&{[], &1}).() + |> Formatter.add_user_links(mentions) + |> Formatter.finalize() + end + def add_tag_links(text, tags) do tags = tags diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index cd2bb5b57..c6637e38d 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -423,7 +423,7 @@ defmodule Pleroma.Web.TwitterAPI.Controller do {String.trim(name, ":"), url} end) - bio_html = CommonUtils.format_input(bio, mentions, tags) + bio_html = CommonUtils.format_input(bio, mentions, tags, "text/plain") Map.put(params, "bio", bio_html |> Formatter.emojify(emoji)) else params -- cgit v1.2.3 From 16307da3115a840163be149c3847fc600b260bc6 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 9 Sep 2018 12:12:31 +0000 Subject: twitterapi: frontend config: add formattingOptionsEnabled --- lib/pleroma/web/twitter_api/controllers/util_controller.ex | 1 + 1 file changed, 1 insertion(+) (limited to 'lib') diff --git a/lib/pleroma/web/twitter_api/controllers/util_controller.ex b/lib/pleroma/web/twitter_api/controllers/util_controller.ex index 886b70f5f..4aaf28869 100644 --- a/lib/pleroma/web/twitter_api/controllers/util_controller.ex +++ b/lib/pleroma/web/twitter_api/controllers/util_controller.ex @@ -176,6 +176,7 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do chatDisabled: !Keyword.get(@instance_chat, :enabled), showInstanceSpecificPanel: Keyword.get(@instance_fe, :show_instance_panel), scopeOptionsEnabled: Keyword.get(@instance_fe, :scope_options_enabled), + formattingOptionsEnabled: Keyword.get(@instance_fe, :formatting_options_enabled), collapseMessageWithSubject: Keyword.get(@instance_fe, :collapse_message_with_subject) } -- cgit v1.2.3 From 52b05137c5800186fffee83950c83194a3468057 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 9 Sep 2018 23:40:24 +0000 Subject: formatter: use Pleroma.HTML module instead of HtmlSanitizeEx directly --- lib/pleroma/formatter.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/formatter.ex b/lib/pleroma/formatter.ex index c0a176184..5b63fb795 100644 --- a/lib/pleroma/formatter.ex +++ b/lib/pleroma/formatter.ex @@ -193,7 +193,7 @@ defmodule Pleroma.Formatter do # TODO: make it use something other than @link_regex def html_escape(text, "text/html") do - HtmlSanitizeEx.basic_html(text) + HTML.filter_tags(text) end def html_escape(text, "text/plain") do -- cgit v1.2.3 From 285ac80c36cbd943b16eb5e1ee4447376f8f555f Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Fri, 5 Oct 2018 21:02:17 +0000 Subject: config: allow for accepted post formats to be configured --- lib/pleroma/web/common_api/common_api.ex | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/common_api/common_api.ex b/lib/pleroma/web/common_api/common_api.ex index 2ab50c968..d4a973e36 100644 --- a/lib/pleroma/web/common_api/common_api.ex +++ b/lib/pleroma/web/common_api/common_api.ex @@ -73,6 +73,11 @@ defmodule Pleroma.Web.CommonAPI do def get_visibility(_), do: "public" @instance Application.get_env(:pleroma, :instance) + @allowed_post_formats Keyword.get(@instance, :allowed_post_formats) + + defp get_content_type(content_type) when content_type in @allowed_post_formats, do: content_type + defp get_content_type(_), do: "text/plain" + @limit Keyword.get(@instance, :limit) def post(user, %{"status" => status} = data) do visibility = get_visibility(data) @@ -90,7 +95,7 @@ defmodule Pleroma.Web.CommonAPI do mentions, attachments, tags, - data["content_type"] || "text/plain", + get_content_type(data["content_type"]), data["no_attachment_links"] ), context <- make_context(inReplyTo), -- cgit v1.2.3 From bd76d9cee6f166c20af9194d4d83f5276041ef75 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Fri, 5 Oct 2018 21:05:37 +0000 Subject: nodeinfo: add accepted post formats to metadata --- lib/pleroma/web/nodeinfo/nodeinfo_controller.ex | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex index 860468506..a14000c61 100644 --- a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex +++ b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex @@ -92,7 +92,8 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do mrf_policies: mrf_policies, mrf_simple: mrf_simple, quarantined_instances: quarantined - } + }, + postFormats: Keyword.get(instance, :allowed_post_formats) } } -- cgit v1.2.3 From 4f7a468659626700fff9fea97d1506aa3525dee0 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Fri, 5 Oct 2018 22:53:59 +0000 Subject: user: only pre-create follow relationships on OStatus closes #306 --- lib/pleroma/user.ex | 27 +-------------------------- 1 file changed, 1 insertion(+), 26 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 487bfce32..228f12498 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -185,32 +185,7 @@ defmodule Pleroma.User do def needs_update?(_), do: true def maybe_direct_follow(%User{} = follower, %User{info: info} = followed) do - user_config = Application.get_env(:pleroma, :user) - deny_follow_blocked = Keyword.get(user_config, :deny_follow_blocked) - - user_info = user_info(followed) - - should_direct_follow = - cond do - # if the account is locked, don't pre-create the relationship - user_info[:locked] == true -> - false - - # if the users are blocking each other, we shouldn't even be here, but check for it anyway - deny_follow_blocked and - (User.blocks?(follower, followed) or User.blocks?(followed, follower)) -> - false - - # if OStatus, then there is no three-way handshake to follow - User.ap_enabled?(followed) != true -> - true - - # if there are no other reasons not to, just pre-create the relationship - true -> - true - end - - if should_direct_follow do + if !User.ap_enabled?(followed) do follow(follower, followed) else {:ok, follower} -- cgit v1.2.3 From 8ce217776df12df6f0e8445980cc6a62ba156648 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Fri, 5 Oct 2018 23:30:34 +0000 Subject: activitypub transmogrifier: better manage follow state --- lib/pleroma/web/activity_pub/transmogrifier.ex | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index aece77a54..65ac07845 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -326,6 +326,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do with actor <- get_actor(data), %User{} = followed <- User.get_or_fetch_by_ap_id(actor), {:ok, follow_activity} <- get_follow_activity(follow_object, followed), + {:ok, follow_activity} <- Utils.update_follow_state(follow_activity, "accept"), %User{local: true} = follower <- User.get_cached_by_ap_id(follow_activity.data["actor"]), {:ok, activity} <- ActivityPub.accept(%{ @@ -351,6 +352,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do with actor <- get_actor(data), %User{} = followed <- User.get_or_fetch_by_ap_id(actor), {:ok, follow_activity} <- get_follow_activity(follow_object, followed), + {:ok, follow_activity} <- Utils.update_follow_state(follow_activity, "reject"), %User{local: true} = follower <- User.get_cached_by_ap_id(follow_activity.data["actor"]), {:ok, activity} <- ActivityPub.accept(%{ -- cgit v1.2.3 From a71b82201365f92ad78ccec7f6f1ceda456eca4f Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Fri, 5 Oct 2018 23:31:00 +0000 Subject: activitypub: always track following state for async reasons --- lib/pleroma/web/activity_pub/utils.ex | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/utils.ex b/lib/pleroma/web/activity_pub/utils.ex index 0664b5a2e..43a1f432d 100644 --- a/lib/pleroma/web/activity_pub/utils.ex +++ b/lib/pleroma/web/activity_pub/utils.ex @@ -247,11 +247,11 @@ defmodule Pleroma.Web.ActivityPub.Utils do "actor" => follower_id, "to" => [followed_id], "cc" => ["https://www.w3.org/ns/activitystreams#Public"], - "object" => followed_id + "object" => followed_id, + "state" => "pending" } data = if activity_id, do: Map.put(data, "id", activity_id), else: data - data = if User.locked?(followed), do: Map.put(data, "state", "pending"), else: data data end -- cgit v1.2.3 From 3e751496e3d5f8c90d5e73d356bebb607d0edb44 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Fri, 5 Oct 2018 23:31:49 +0000 Subject: mastodon api: account view: fetch follow state and use it to populate `requested` field --- lib/pleroma/web/mastodon_api/views/account_view.ex | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/views/account_view.ex b/lib/pleroma/web/mastodon_api/views/account_view.ex index 96795c420..d4d8ee2a5 100644 --- a/lib/pleroma/web/mastodon_api/views/account_view.ex +++ b/lib/pleroma/web/mastodon_api/views/account_view.ex @@ -72,6 +72,9 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do end def render("relationship.json", %{user: user, target: target}) do + follow_activity = Pleroma.Web.ActivityPub.Utils.fetch_latest_follow(user, target) + requested = follow_activity.data["state"] == "pending" + %{ id: to_string(target.id), following: User.following?(user, target), @@ -79,7 +82,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do blocking: User.blocks?(user, target), muting: false, muting_notifications: false, - requested: false, + requested: requested, domain_blocking: false, showing_reblogs: false, endorsed: false -- cgit v1.2.3 From e69faf550cd14cfee8f56f050a2a544b7450367c Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Fri, 5 Oct 2018 23:40:49 +0000 Subject: user: add wait_and_refresh() for async three-way handshake case --- lib/pleroma/user.ex | 24 ++++++++++++++++++++++ .../web/mastodon_api/mastodon_api_controller.ex | 3 ++- lib/pleroma/web/twitter_api/twitter_api.ex | 3 ++- 3 files changed, 28 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 228f12498..02f13eb2c 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -738,4 +738,28 @@ defmodule Pleroma.User do get_or_fetch_by_nickname(uri_or_nickname) end end + + # wait a period of time and return newest version of the User structs + # this is because we have synchronous follow APIs and need to simulate them + # with an async handshake + def wait_and_refresh(_, %User{local: true} = a, %User{local: true} = b) do + with %User{} = a <- Repo.get(User, a.id), + %User{} = b <- Repo.get(User, b.id) do + {:ok, a, b} + else + _e -> + :error + end + end + + def wait_and_refresh(timeout, %User{} = a, %User{} = b) do + with :ok <- :timer.sleep(timeout), + %User{} = a <- Repo.get(User, a.id), + %User{} = b <- Repo.get(User, b.id) do + {:ok, a, b} + else + _e -> + :error + end + end end diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index 391a79885..9a470c364 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -574,7 +574,8 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do def follow(%{assigns: %{user: follower}} = conn, %{"id" => id}) do with %User{} = followed <- Repo.get(User, id), {:ok, follower} <- User.maybe_direct_follow(follower, followed), - {:ok, _activity} <- ActivityPub.follow(follower, followed) do + {:ok, _activity} <- ActivityPub.follow(follower, followed), + {:ok, follower, followed} <- User.wait_and_refresh(500, follower, followed) do render(conn, AccountView, "relationship.json", %{user: follower, target: followed}) else {:error, message} -> diff --git a/lib/pleroma/web/twitter_api/twitter_api.ex b/lib/pleroma/web/twitter_api/twitter_api.ex index dbad08e66..3f0e2425c 100644 --- a/lib/pleroma/web/twitter_api/twitter_api.ex +++ b/lib/pleroma/web/twitter_api/twitter_api.ex @@ -23,7 +23,8 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do def follow(%User{} = follower, params) do with {:ok, %User{} = followed} <- get_user(params), {:ok, follower} <- User.maybe_direct_follow(follower, followed), - {:ok, activity} <- ActivityPub.follow(follower, followed) do + {:ok, activity} <- ActivityPub.follow(follower, followed), + {:ok, follower, followed} <- User.wait_and_refresh(500, follower, followed) do {:ok, follower, followed, activity} else err -> err -- cgit v1.2.3 From 7f530f6f8084b899b2fff40c074602e90d5fa35f Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Fri, 5 Oct 2018 23:50:13 +0000 Subject: mastodon api: relationship view: better handle no pre-existing follow activity --- lib/pleroma/web/mastodon_api/views/account_view.ex | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/views/account_view.ex b/lib/pleroma/web/mastodon_api/views/account_view.ex index d4d8ee2a5..b68845e16 100644 --- a/lib/pleroma/web/mastodon_api/views/account_view.ex +++ b/lib/pleroma/web/mastodon_api/views/account_view.ex @@ -73,7 +73,13 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do def render("relationship.json", %{user: user, target: target}) do follow_activity = Pleroma.Web.ActivityPub.Utils.fetch_latest_follow(user, target) - requested = follow_activity.data["state"] == "pending" + + requested = + if follow_activity do + follow_activity.data["state"] == "pending" + else + false + end %{ id: to_string(target.id), -- cgit v1.2.3 From 7b3fff9af87bbf8e6b0cc824b7ebf681e4a614f1 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 7 Oct 2018 01:05:59 +0000 Subject: {mastodon api, twitter api}: make the follow handshake timeout configurable --- lib/pleroma/web/mastodon_api/mastodon_api_controller.ex | 6 +++++- lib/pleroma/web/twitter_api/twitter_api.ex | 6 +++++- 2 files changed, 10 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index 9a470c364..499635a9d 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -571,11 +571,15 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end end + @activitypub Application.get_env(:pleroma, :activitypub) + @follow_handshake_timeout Keyword.get(@activitypub, :follow_handshake_timeout) + def follow(%{assigns: %{user: follower}} = conn, %{"id" => id}) do with %User{} = followed <- Repo.get(User, id), {:ok, follower} <- User.maybe_direct_follow(follower, followed), {:ok, _activity} <- ActivityPub.follow(follower, followed), - {:ok, follower, followed} <- User.wait_and_refresh(500, follower, followed) do + {:ok, follower, followed} <- + User.wait_and_refresh(@follow_handshake_timeout, follower, followed) do render(conn, AccountView, "relationship.json", %{user: follower, target: followed}) else {:error, message} -> diff --git a/lib/pleroma/web/twitter_api/twitter_api.ex b/lib/pleroma/web/twitter_api/twitter_api.ex index 3f0e2425c..3747285da 100644 --- a/lib/pleroma/web/twitter_api/twitter_api.ex +++ b/lib/pleroma/web/twitter_api/twitter_api.ex @@ -20,11 +20,15 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do end end + @activitypub Application.get_env(:pleroma, :activitypub) + @follow_handshake_timeout Keyword.get(@activitypub, :follow_handshake_timeout) + def follow(%User{} = follower, params) do with {:ok, %User{} = followed} <- get_user(params), {:ok, follower} <- User.maybe_direct_follow(follower, followed), {:ok, activity} <- ActivityPub.follow(follower, followed), - {:ok, follower, followed} <- User.wait_and_refresh(500, follower, followed) do + {:ok, follower, followed} <- + User.wait_and_refresh(@follow_handshake_timeout, follower, followed) do {:ok, follower, followed, activity} else err -> err -- cgit v1.2.3 From 08d5ad71b68e44334911c63aada418fab2c17df2 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 7 Oct 2018 01:23:38 +0000 Subject: nodeinfo: allow opting out of MRF transparency --- lib/pleroma/web/nodeinfo/nodeinfo_controller.ex | 30 ++++++++++++++----------- 1 file changed, 17 insertions(+), 13 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex index a14000c61..c40bf1656 100644 --- a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex +++ b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex @@ -4,6 +4,7 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do alias Pleroma.Stats alias Pleroma.Web alias Pleroma.{User, Repo} + alias Pleroma.Web.ActivityPub.MRF def schemas(conn, _params) do response = %{ @@ -31,15 +32,9 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do Application.get_env(:pleroma, :mrf_simple) |> Enum.into(%{}) - mrf_policies = Keyword.get(instance, :rewrite_policy) - mrf_policies = - if(is_list(mrf_policies)) do - mrf_policies - |> Enum.map(fn policy -> to_string(policy) |> String.split(".") |> List.last() end) - else - [to_string(mrf_policies) |> String.split(".") |> List.last()] - end + MRF.get_policies() + |> Enum.map(fn policy -> to_string(policy) |> String.split(".") |> List.last() end) quarantined = Keyword.get(instance, :quarantined_instances) @@ -55,6 +50,19 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do |> Repo.all() |> Enum.map(fn u -> u.ap_id end) + mrf_transparency = Keyword.get(instance, :mrf_transparency) + + federation_response = + if mrf_transparency do + %{ + mrf_policies: mrf_policies, + mrf_simple: mrf_simple, + quarantined_instances: quarantined + } + else + %{} + end + response = %{ version: "2.0", software: %{ @@ -88,11 +96,7 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do staffAccounts: staff_accounts, chat: Keyword.get(chat, :enabled), gopher: Keyword.get(gopher, :enabled), - federation: %{ - mrf_policies: mrf_policies, - mrf_simple: mrf_simple, - quarantined_instances: quarantined - }, + federation: federation_response, postFormats: Keyword.get(instance, :allowed_post_formats) } } -- cgit v1.2.3 From 111841ad3482c1d41c6f117a3e70676e06d4ca61 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Wed, 10 Oct 2018 07:53:20 +0000 Subject: common api: take the combination of the subject and content for length limit enforcement closes #315 --- lib/pleroma/web/common_api/common_api.ex | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/common_api/common_api.ex b/lib/pleroma/web/common_api/common_api.ex index d4a973e36..f8fef219f 100644 --- a/lib/pleroma/web/common_api/common_api.ex +++ b/lib/pleroma/web/common_api/common_api.ex @@ -83,7 +83,6 @@ defmodule Pleroma.Web.CommonAPI do visibility = get_visibility(data) with status <- String.trim(status), - length when length in 1..@limit <- String.length(status), attachments <- attachments_from_ids(data["media_ids"]), mentions <- Formatter.parse_mentions(status), inReplyTo <- get_replied_to_activity(data["in_reply_to_status_id"]), @@ -100,6 +99,8 @@ defmodule Pleroma.Web.CommonAPI do ), context <- make_context(inReplyTo), cw <- data["spoiler_text"], + full_payload <- String.trim(status <> (data["spoiler_text"] || "")), + length when length in 1..@limit <- String.length(full_payload), object <- make_note_data( user.ap_id, -- cgit v1.2.3 From 2c29329d39ded29975336902c5526a5389508536 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Thu, 11 Oct 2018 10:35:11 +0000 Subject: user: local users are always AP-enabled (closes #316) --- lib/pleroma/user.ex | 1 + 1 file changed, 1 insertion(+) (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 02f13eb2c..70726d399 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -728,6 +728,7 @@ defmodule Pleroma.User do Repo.insert(cs, on_conflict: :replace_all, conflict_target: :nickname) end + def ap_enabled?(%User{local: true}), do: true def ap_enabled?(%User{info: info}), do: info["ap_enabled"] def ap_enabled?(_), do: false -- cgit v1.2.3 From 51eaece3ea68226f1780e37e46f25e74f3392782 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Thu, 11 Oct 2018 10:49:54 +0000 Subject: user: break out local cases for maybe_direct_follow --- lib/pleroma/user.ex | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 70726d399..db6f96daa 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -184,7 +184,15 @@ defmodule Pleroma.User do def needs_update?(_), do: true - def maybe_direct_follow(%User{} = follower, %User{info: info} = followed) do + def maybe_direct_follow(%User{} = follower, %User{local: true, info: %{"locked" => true}}) do + {:ok, follower} + end + + def maybe_direct_follow(%User{} = follower, %User{local: true} = followed) do + follow(follower, followed) + end + + def maybe_direct_follow(%User{} = follower, %User{} = followed) do if !User.ap_enabled?(followed) do follow(follower, followed) else -- cgit v1.2.3 From eacab0fb056ffc018b7e0abea27db7af435dc553 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Sun, 14 Oct 2018 01:45:11 +0200 Subject: Delete Tokens and Authorizations on password change Closes: https://git.pleroma.social/pleroma/pleroma/issues/320 --- lib/pleroma/user.ex | 5 ++++- lib/pleroma/web/oauth/authorization.ex | 10 +++++++++- lib/pleroma/web/oauth/token.ex | 10 ++++++++++ 3 files changed, 23 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index db6f96daa..e97224731 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -4,7 +4,7 @@ defmodule Pleroma.User do import Ecto.{Changeset, Query} alias Pleroma.{Repo, User, Object, Web, Activity, Notification} alias Comeonin.Pbkdf2 - alias Pleroma.Web.{OStatus, Websub} + alias Pleroma.Web.{OStatus, Websub, OAuth} alias Pleroma.Web.ActivityPub.{Utils, ActivityPub} schema "users" do @@ -132,6 +132,9 @@ defmodule Pleroma.User do |> validate_required([:password, :password_confirmation]) |> validate_confirmation(:password) + OAuth.Token.delete_user_tokens(struct) + OAuth.Authorization.delete_user_authorizations(struct) + if changeset.valid? do hashed = Pbkdf2.hashpwsalt(changeset.changes[:password]) diff --git a/lib/pleroma/web/oauth/authorization.ex b/lib/pleroma/web/oauth/authorization.ex index 23e8eb7b1..2cad4550a 100644 --- a/lib/pleroma/web/oauth/authorization.ex +++ b/lib/pleroma/web/oauth/authorization.ex @@ -4,7 +4,7 @@ defmodule Pleroma.Web.OAuth.Authorization do alias Pleroma.{User, Repo} alias Pleroma.Web.OAuth.{Authorization, App} - import Ecto.{Changeset} + import Ecto.{Changeset, Query} schema "oauth_authorizations" do field(:token, :string) @@ -45,4 +45,12 @@ defmodule Pleroma.Web.OAuth.Authorization do end def use_token(%Authorization{used: true}), do: {:error, "already used"} + + def delete_user_authorizations(%User{id: user_id}) do + from( + a in Pleroma.Web.OAuth.Authorization, + where: a.user_id == ^user_id + ) + |> Repo.delete_all() + end end diff --git a/lib/pleroma/web/oauth/token.ex b/lib/pleroma/web/oauth/token.ex index 343fc0c45..a77d5af35 100644 --- a/lib/pleroma/web/oauth/token.ex +++ b/lib/pleroma/web/oauth/token.ex @@ -1,6 +1,8 @@ defmodule Pleroma.Web.OAuth.Token do use Ecto.Schema + import Ecto.Query + alias Pleroma.{User, Repo} alias Pleroma.Web.OAuth.{Token, App, Authorization} @@ -35,4 +37,12 @@ defmodule Pleroma.Web.OAuth.Token do Repo.insert(token) end + + def delete_user_tokens(%User{id: user_id}) do + from( + t in Pleroma.Web.OAuth.Token, + where: t.user_id == ^user_id + ) + |> Repo.delete_all() + end end -- cgit v1.2.3 From 30efa86c05b7747c62ad219e6c000b5c4ce161ae Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 14 Oct 2018 20:36:11 +0000 Subject: common api: enable tag linking in markdown mode --- lib/pleroma/web/common_api/utils.ex | 1 + 1 file changed, 1 insertion(+) (limited to 'lib') diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex index 667027c02..4cbbd0c7d 100644 --- a/lib/pleroma/web/common_api/utils.ex +++ b/lib/pleroma/web/common_api/utils.ex @@ -126,6 +126,7 @@ defmodule Pleroma.Web.CommonAPI.Utils do |> String.replace(~r/\r?\n/, "") |> (&{[], &1}).() |> Formatter.add_user_links(mentions) + |> Formatter.add_hashtag_links(tags) |> Formatter.finalize() end -- cgit v1.2.3 From 50e0a9ae56ad2704240956d1f93cc04bafcb8b75 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Tue, 16 Oct 2018 03:00:37 +0200 Subject: lib/pleroma/html.ex: Fix scheme lists MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Gosh please don’t break ourselves… Also this is copy-paste of the list in lib/pleroma/formatter.ex, I think this should be put in a common variable, but where? --- lib/pleroma/html.ex | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/html.ex b/lib/pleroma/html.ex index cf18f070c..f86855671 100644 --- a/lib/pleroma/html.ex +++ b/lib/pleroma/html.ex @@ -39,7 +39,22 @@ defmodule Pleroma.HTML.Scrubber.TwitterText do require HtmlSanitizeEx.Scrubber.Meta alias HtmlSanitizeEx.Scrubber.Meta - @valid_schemes ["http", "https"] + @valid_schemes [ + "https://", + "http://", + "dat://", + "dweb://", + "gopher://", + "ipfs://", + "ipns://", + "irc:", + "ircs:", + "magnet:", + "mailto:", + "mumble:", + "ssb://", + "xmpp:" + ] Meta.remove_cdata_sections_before_scrub() Meta.strip_comments() -- cgit v1.2.3 From d7654c77de1f027091a380630559bbda9abb9540 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Tue, 16 Oct 2018 03:34:33 +0200 Subject: lib/pleroma/html.ex: Use a function as a variable (broken for some reason) --- lib/pleroma/html.ex | 46 +++++++++++++++++++++++++--------------------- 1 file changed, 25 insertions(+), 21 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/html.ex b/lib/pleroma/html.ex index f86855671..8a5ede614 100644 --- a/lib/pleroma/html.ex +++ b/lib/pleroma/html.ex @@ -3,6 +3,25 @@ defmodule Pleroma.HTML do @markup Application.get_env(:pleroma, :markup) + def valid_schemes() do + [ + "https://", + "http://", + "dat://", + "dweb://", + "gopher://", + "ipfs://", + "ipns://", + "irc:", + "ircs:", + "magnet:", + "mailto:", + "mumble:", + "ssb://", + "xmpp:" + ] + end + defp get_scrubbers(scrubber) when is_atom(scrubber), do: [scrubber] defp get_scrubbers(scrubbers) when is_list(scrubbers), do: scrubbers defp get_scrubbers(_), do: [Pleroma.HTML.Scrubber.Default] @@ -39,28 +58,13 @@ defmodule Pleroma.HTML.Scrubber.TwitterText do require HtmlSanitizeEx.Scrubber.Meta alias HtmlSanitizeEx.Scrubber.Meta - @valid_schemes [ - "https://", - "http://", - "dat://", - "dweb://", - "gopher://", - "ipfs://", - "ipns://", - "irc:", - "ircs:", - "magnet:", - "mailto:", - "mumble:", - "ssb://", - "xmpp:" - ] + alias Pleroma.HTML Meta.remove_cdata_sections_before_scrub() Meta.strip_comments() # links - Meta.allow_tag_with_uri_attributes("a", ["href"], @valid_schemes) + Meta.allow_tag_with_uri_attributes("a", ["href"], HTML.valid_schemes()) Meta.allow_tag_with_these_attributes("a", ["name", "title"]) # paragraphs and linebreaks @@ -75,7 +79,7 @@ defmodule Pleroma.HTML.Scrubber.TwitterText do @allow_inline_images Keyword.get(@markup, :allow_inline_images) if @allow_inline_images do - Meta.allow_tag_with_uri_attributes("img", ["src"], @valid_schemes) + Meta.allow_tag_with_uri_attributes("img", ["src"], HTML.valid_schemes()) Meta.allow_tag_with_these_attributes("img", [ "width", @@ -94,12 +98,12 @@ defmodule Pleroma.HTML.Scrubber.Default do require HtmlSanitizeEx.Scrubber.Meta alias HtmlSanitizeEx.Scrubber.Meta - @valid_schemes ["http", "https"] + alias Pleroma.HTML Meta.remove_cdata_sections_before_scrub() Meta.strip_comments() - Meta.allow_tag_with_uri_attributes("a", ["href"], @valid_schemes) + Meta.allow_tag_with_uri_attributes("a", ["href"], HTML.valid_schemes()) Meta.allow_tag_with_these_attributes("a", ["name", "title"]) Meta.allow_tag_with_these_attributes("b", []) @@ -122,7 +126,7 @@ defmodule Pleroma.HTML.Scrubber.Default do @allow_inline_images Keyword.get(@markup, :allow_inline_images) if @allow_inline_images do - Meta.allow_tag_with_uri_attributes("img", ["src"], @valid_schemes) + Meta.allow_tag_with_uri_attributes("img", ["src"], HTML.valid_schemes()) Meta.allow_tag_with_these_attributes("img", [ "width", -- cgit v1.2.3 From 7562912f6a1bd642bc4a3bee52f0375d1e067180 Mon Sep 17 00:00:00 2001 From: scarlett Date: Wed, 17 Oct 2018 04:16:11 +0100 Subject: Use maybe_direct_follow for follow imports --- lib/pleroma/web/twitter_api/controllers/util_controller.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/twitter_api/controllers/util_controller.ex b/lib/pleroma/web/twitter_api/controllers/util_controller.ex index 4aaf28869..109704d00 100644 --- a/lib/pleroma/web/twitter_api/controllers/util_controller.ex +++ b/lib/pleroma/web/twitter_api/controllers/util_controller.ex @@ -223,7 +223,7 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do |> Enum.map(fn account -> with %User{} = follower <- User.get_cached_by_ap_id(user.ap_id), %User{} = followed <- User.get_or_fetch(account), - {:ok, follower} <- User.follow(follower, followed) do + {:ok, follower} <- User.maybe_direct_follow(follower, followed) do ActivityPub.follow(follower, followed) else err -> Logger.debug("follow_import: following #{account} failed with #{inspect(err)}") -- cgit v1.2.3 From 582dbe5c8dceafdbcb266aeb43279456818e773a Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Wed, 17 Oct 2018 19:15:20 +0000 Subject: formatter: fix matching osada users --- lib/pleroma/formatter.ex | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/formatter.ex b/lib/pleroma/formatter.ex index 5b63fb795..21b08a62e 100644 --- a/lib/pleroma/formatter.ex +++ b/lib/pleroma/formatter.ex @@ -248,7 +248,12 @@ defmodule Pleroma.Formatter do subs = subs ++ Enum.map(mentions, fn {match, %User{ap_id: ap_id, info: info}, uuid} -> - ap_id = info["source_data"]["url"] || ap_id + ap_id = + if is_binary(info["source_data"]["url"]) do + info["source_data"]["url"] + else + ap_id + end short_match = String.split(match, "@") |> tl() |> hd() -- cgit v1.2.3 From 2154c5dcd891cf2a85c0251e07424b5681aa88a2 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Thu, 18 Oct 2018 07:36:58 +0200 Subject: lib/pleroma/html.ex: Use macros for valid_schemes, change config for schemes --- lib/pleroma/formatter.ex | 27 +++------------------------ lib/pleroma/html.ex | 37 ++++++++++++------------------------- 2 files changed, 15 insertions(+), 49 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/formatter.ex b/lib/pleroma/formatter.ex index 5b63fb795..d7de5b483 100644 --- a/lib/pleroma/formatter.ex +++ b/lib/pleroma/formatter.ex @@ -171,25 +171,8 @@ defmodule Pleroma.Formatter do @link_regex ~r/[0-9a-z+\-\.]+:[0-9a-z$-_.+!*'(),]+/ui - # IANA got a list https://www.iana.org/assignments/uri-schemes/ but - # Stuff like ipfs isn’t in it - # There is very niche stuff - @uri_schemes [ - "https://", - "http://", - "dat://", - "dweb://", - "gopher://", - "ipfs://", - "ipns://", - "irc:", - "ircs:", - "magnet:", - "mailto:", - "mumble:", - "ssb://", - "xmpp:" - ] + @uri_schemes Application.get_env(:pleroma, :uri_schemes, []) + @valid_schemes Keyword.get(@uri_schemes, :valid_schemes, []) # TODO: make it use something other than @link_regex def html_escape(text, "text/html") do @@ -207,14 +190,10 @@ defmodule Pleroma.Formatter do @doc "changes scheme:... urls to html links" def add_links({subs, text}) do - additionnal_schemes = - Application.get_env(:pleroma, :uri_schemes, []) - |> Keyword.get(:additionnal_schemes, []) - links = text |> String.split([" ", "\t", "
"]) - |> Enum.filter(fn word -> String.starts_with?(word, @uri_schemes ++ additionnal_schemes) end) + |> Enum.filter(fn word -> String.starts_with?(word, @valid_schemes) end) |> Enum.filter(fn word -> Regex.match?(@link_regex, word) end) |> Enum.map(fn url -> {Ecto.UUID.generate(), url} end) |> Enum.sort_by(fn {_, url} -> -String.length(url) end) diff --git a/lib/pleroma/html.ex b/lib/pleroma/html.ex index 8a5ede614..2d2155b82 100644 --- a/lib/pleroma/html.ex +++ b/lib/pleroma/html.ex @@ -3,25 +3,6 @@ defmodule Pleroma.HTML do @markup Application.get_env(:pleroma, :markup) - def valid_schemes() do - [ - "https://", - "http://", - "dat://", - "dweb://", - "gopher://", - "ipfs://", - "ipns://", - "irc:", - "ircs:", - "magnet:", - "mailto:", - "mumble:", - "ssb://", - "xmpp:" - ] - end - defp get_scrubbers(scrubber) when is_atom(scrubber), do: [scrubber] defp get_scrubbers(scrubbers) when is_list(scrubbers), do: scrubbers defp get_scrubbers(_), do: [Pleroma.HTML.Scrubber.Default] @@ -55,6 +36,10 @@ defmodule Pleroma.HTML.Scrubber.TwitterText do paragraphs, breaks and links are allowed through the filter. """ + @markup Application.get_env(:pleroma, :markup) + @uri_schemes Application.get_env(:pleroma, :uri_schemes, []) + @valid_schemes Keyword.get(@uri_schemes, :valid_schemes, []) + require HtmlSanitizeEx.Scrubber.Meta alias HtmlSanitizeEx.Scrubber.Meta @@ -64,7 +49,7 @@ defmodule Pleroma.HTML.Scrubber.TwitterText do Meta.strip_comments() # links - Meta.allow_tag_with_uri_attributes("a", ["href"], HTML.valid_schemes()) + Meta.allow_tag_with_uri_attributes("a", ["href"], @valid_schemes) Meta.allow_tag_with_these_attributes("a", ["name", "title"]) # paragraphs and linebreaks @@ -75,11 +60,10 @@ defmodule Pleroma.HTML.Scrubber.TwitterText do Meta.allow_tag_with_these_attributes("span", []) # allow inline images for custom emoji - @markup Application.get_env(:pleroma, :markup) @allow_inline_images Keyword.get(@markup, :allow_inline_images) if @allow_inline_images do - Meta.allow_tag_with_uri_attributes("img", ["src"], HTML.valid_schemes()) + Meta.allow_tag_with_uri_attributes("img", ["src"], @valid_schemes) Meta.allow_tag_with_these_attributes("img", [ "width", @@ -100,10 +84,14 @@ defmodule Pleroma.HTML.Scrubber.Default do alias Pleroma.HTML + @markup Application.get_env(:pleroma, :markup) + @uri_schemes Application.get_env(:pleroma, :uri_schemes, []) + @valid_schemes Keyword.get(@uri_schemes, :valid_schemes, []) + Meta.remove_cdata_sections_before_scrub() Meta.strip_comments() - Meta.allow_tag_with_uri_attributes("a", ["href"], HTML.valid_schemes()) + Meta.allow_tag_with_uri_attributes("a", ["href"], @valid_schemes) Meta.allow_tag_with_these_attributes("a", ["name", "title"]) Meta.allow_tag_with_these_attributes("b", []) @@ -122,11 +110,10 @@ defmodule Pleroma.HTML.Scrubber.Default do Meta.allow_tag_with_these_attributes("u", []) Meta.allow_tag_with_these_attributes("ul", []) - @markup Application.get_env(:pleroma, :markup) @allow_inline_images Keyword.get(@markup, :allow_inline_images) if @allow_inline_images do - Meta.allow_tag_with_uri_attributes("img", ["src"], HTML.valid_schemes()) + Meta.allow_tag_with_uri_attributes("img", ["src"], @valid_schemes) Meta.allow_tag_with_these_attributes("img", [ "width", -- cgit v1.2.3 From 595d855f0ebd88faede51bf3e08384e956465722 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Thu, 18 Oct 2018 14:29:31 +0000 Subject: html scrubbing policies: restrict img tags to http/https only for mediaproxy compatibility --- lib/pleroma/html.ex | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/html.ex b/lib/pleroma/html.ex index 2d2155b82..fdc5e7dab 100644 --- a/lib/pleroma/html.ex +++ b/lib/pleroma/html.ex @@ -63,7 +63,8 @@ defmodule Pleroma.HTML.Scrubber.TwitterText do @allow_inline_images Keyword.get(@markup, :allow_inline_images) if @allow_inline_images do - Meta.allow_tag_with_uri_attributes("img", ["src"], @valid_schemes) + # restrict img tags to http/https only, because of MediaProxy. + Meta.allow_tag_with_uri_attributes("img", ["src"], ["http", "https"]) Meta.allow_tag_with_these_attributes("img", [ "width", @@ -113,7 +114,8 @@ defmodule Pleroma.HTML.Scrubber.Default do @allow_inline_images Keyword.get(@markup, :allow_inline_images) if @allow_inline_images do - Meta.allow_tag_with_uri_attributes("img", ["src"], @valid_schemes) + # restrict img tags to http/https only, because of MediaProxy. + Meta.allow_tag_with_uri_attributes("img", ["src"], ["http", "https"]) Meta.allow_tag_with_these_attributes("img", [ "width", -- cgit v1.2.3 From e8c698af410639af52d89efc48f1433cd5404372 Mon Sep 17 00:00:00 2001 From: AkiraFukushima Date: Fri, 19 Oct 2018 01:46:26 +0900 Subject: Add an endpoint /api/v1/accounts/:id/lists to get lists to which account belongs --- lib/pleroma/list.ex | 11 +++++++++++ lib/pleroma/web/mastodon_api/mastodon_api_controller.ex | 6 ++++++ lib/pleroma/web/router.ex | 1 + 3 files changed, 18 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/list.ex b/lib/pleroma/list.ex index 53d98665b..a99e3245b 100644 --- a/lib/pleroma/list.ex +++ b/lib/pleroma/list.ex @@ -69,6 +69,17 @@ defmodule Pleroma.List do Repo.all(query) end + # Get lists to which the account belongs. + def get_lists_account_belongs(%User{} = owner, account_id) do + user = Repo.get(User, account_id) + query = + from( + l in Pleroma.List, + where: l.user_id == ^owner.id and fragment("? = ANY(?)", ^user.follower_address, l.following) + ) + Repo.all(query) + end + def rename(%Pleroma.List{} = list, title) do list |> title_changeset(%{title: title}) diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index 499635a9d..cbda069df 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -770,6 +770,12 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end end + def account_lists(%{assigns: %{user: user}} = conn, %{"id" => account_id}) do + lists = Pleroma.List.get_lists_account_belongs(user, account_id) + res = ListView.render("lists.json", lists: lists) + json(conn, res) + end + def delete_list(%{assigns: %{user: user}} = conn, %{"id" => id}) do with %Pleroma.List{} = list <- Pleroma.List.get(id, user), {:ok, _list} <- Pleroma.List.delete(list) do diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index ddfaa8c42..b531b6188 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -119,6 +119,7 @@ defmodule Pleroma.Web.Router do post("/accounts/:id/unblock", MastodonAPIController, :unblock) post("/accounts/:id/mute", MastodonAPIController, :relationship_noop) post("/accounts/:id/unmute", MastodonAPIController, :relationship_noop) + get("/accounts/:id/lists", MastodonAPIController, :account_lists) get("/follow_requests", MastodonAPIController, :follow_requests) post("/follow_requests/:id/authorize", MastodonAPIController, :authorize_follow_request) -- cgit v1.2.3 From a249cbf18724084d6bcb7fee0ba577241c1f6adb Mon Sep 17 00:00:00 2001 From: AkiraFukushima Date: Fri, 19 Oct 2018 21:24:15 +0900 Subject: Add a test for List.get_lists_account_belongs --- lib/pleroma/list.ex | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/list.ex b/lib/pleroma/list.ex index a99e3245b..891c73f5a 100644 --- a/lib/pleroma/list.ex +++ b/lib/pleroma/list.ex @@ -72,11 +72,19 @@ defmodule Pleroma.List do # Get lists to which the account belongs. def get_lists_account_belongs(%User{} = owner, account_id) do user = Repo.get(User, account_id) + query = from( l in Pleroma.List, - where: l.user_id == ^owner.id and fragment("? = ANY(?)", ^user.follower_address, l.following) + where: + l.user_id == ^owner.id and + fragment( + "? = ANY(?)", + ^user.follower_address, + l.following + ) ) + Repo.all(query) end -- cgit v1.2.3 From a253c1466e47018ca9c98f5b3f60016bc0ecbb6d Mon Sep 17 00:00:00 2001 From: scarlett Date: Sun, 21 Oct 2018 12:52:52 +0100 Subject: New frontend options --- lib/pleroma/web/twitter_api/controllers/util_controller.ex | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/twitter_api/controllers/util_controller.ex b/lib/pleroma/web/twitter_api/controllers/util_controller.ex index 109704d00..01cd17121 100644 --- a/lib/pleroma/web/twitter_api/controllers/util_controller.ex +++ b/lib/pleroma/web/twitter_api/controllers/util_controller.ex @@ -177,7 +177,9 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do showInstanceSpecificPanel: Keyword.get(@instance_fe, :show_instance_panel), scopeOptionsEnabled: Keyword.get(@instance_fe, :scope_options_enabled), formattingOptionsEnabled: Keyword.get(@instance_fe, :formatting_options_enabled), - collapseMessageWithSubject: Keyword.get(@instance_fe, :collapse_message_with_subject) + collapseMessageWithSubject: Keyword.get(@instance_fe, :collapse_message_with_subject), + hidePostStats: Keyword.get(@instance_fe, :hide_post_stats), + hideUserStats: Keyword.get(@instance_fe, :hide_user_stats) } managed_config = Keyword.get(@instance, :managed_config) -- cgit v1.2.3 From 8613db0e3b2d998e0e0a336562e872e4b38f2a26 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Tue, 23 Oct 2018 00:48:49 +0000 Subject: html: ensure comments are correctly scrubbed --- lib/pleroma/html.ex | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/html.ex b/lib/pleroma/html.ex index fdc5e7dab..a7338eac3 100644 --- a/lib/pleroma/html.ex +++ b/lib/pleroma/html.ex @@ -43,8 +43,6 @@ defmodule Pleroma.HTML.Scrubber.TwitterText do require HtmlSanitizeEx.Scrubber.Meta alias HtmlSanitizeEx.Scrubber.Meta - alias Pleroma.HTML - Meta.remove_cdata_sections_before_scrub() Meta.strip_comments() @@ -83,8 +81,6 @@ defmodule Pleroma.HTML.Scrubber.Default do require HtmlSanitizeEx.Scrubber.Meta alias HtmlSanitizeEx.Scrubber.Meta - alias Pleroma.HTML - @markup Application.get_env(:pleroma, :markup) @uri_schemes Application.get_env(:pleroma, :uri_schemes, []) @valid_schemes Keyword.get(@uri_schemes, :valid_schemes, []) @@ -181,6 +177,8 @@ defmodule Pleroma.HTML.Transform.MediaProxy do {"img", attributes, children} end + def scrub({:comment, children}), do: "" + def scrub({tag, attributes, children}), do: {tag, attributes, children} def scrub({tag, children}), do: children def scrub(text), do: text -- cgit v1.2.3 From f3f736afc4b4532ef71d5c6aba42945bd26a7699 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Thu, 25 Oct 2018 02:47:55 +0000 Subject: activity: add helper to fetch an activity's parent --- lib/pleroma/activity.ex | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/activity.ex b/lib/pleroma/activity.ex index bed96861f..c065f3b6c 100644 --- a/lib/pleroma/activity.ex +++ b/lib/pleroma/activity.ex @@ -82,4 +82,10 @@ defmodule Pleroma.Activity do def normalize(obj) when is_map(obj), do: Activity.get_by_ap_id(obj["id"]) def normalize(ap_id) when is_binary(ap_id), do: Activity.get_by_ap_id(ap_id) def normalize(_), do: nil + + def get_in_reply_to_activity(%Activity{data: %{"object" => %{"inReplyTo" => ap_id}}}) do + get_create_activity_by_object_ap_id(ap_id) + end + + def get_in_reply_to_activity(_), do: nil end -- cgit v1.2.3 From fee43ae5e748368022cc5dc6393015ef64e0894b Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Thu, 25 Oct 2018 02:54:29 +0000 Subject: twitterapi: activity view: implement in_reply_to_screen_name using the new graph walking helper --- .../web/twitter_api/representers/activity_representer.ex | 10 ++++++++++ lib/pleroma/web/twitter_api/views/activity_view.ex | 10 ++++++++++ 2 files changed, 20 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/twitter_api/representers/activity_representer.ex b/lib/pleroma/web/twitter_api/representers/activity_representer.ex index b21bbb205..04857001c 100644 --- a/lib/pleroma/web/twitter_api/representers/activity_representer.ex +++ b/lib/pleroma/web/twitter_api/representers/activity_representer.ex @@ -180,6 +180,15 @@ defmodule Pleroma.Web.TwitterAPI.Representers.ActivityRepresenter do attachments = (object["attachment"] || []) ++ video + reply_parent = Activity.get_in_reply_to_activity(activity) + + reply_user_nickname = + if reply_parent do + User.get_cached_by_ap_id(reply_parent.actor).nickname + else + nil + end + %{ "id" => activity.id, "uri" => activity.data["object"]["id"], @@ -190,6 +199,7 @@ defmodule Pleroma.Web.TwitterAPI.Representers.ActivityRepresenter do "is_post_verb" => true, "created_at" => created_at, "in_reply_to_status_id" => object["inReplyToStatusId"], + "in_reply_to_screen_name" => reply_user_nickname, "statusnet_conversation_id" => conversation_id, "attachments" => attachments |> ObjectRepresenter.enum_to_list(opts), "attentions" => attentions, diff --git a/lib/pleroma/web/twitter_api/views/activity_view.ex b/lib/pleroma/web/twitter_api/views/activity_view.ex index b9fd062d6..13fb04f95 100644 --- a/lib/pleroma/web/twitter_api/views/activity_view.ex +++ b/lib/pleroma/web/twitter_api/views/activity_view.ex @@ -236,6 +236,15 @@ defmodule Pleroma.Web.TwitterAPI.ActivityView do HTML.filter_tags(content, User.html_filter_policy(opts[:for])) |> Formatter.emojify(object["emoji"]) + reply_parent = Activity.get_in_reply_to_activity(activity) + + reply_user_nickname = + if reply_parent do + User.get_cached_by_ap_id(reply_parent.actor).nickname + else + nil + end + %{ "id" => activity.id, "uri" => activity.data["object"]["id"], @@ -246,6 +255,7 @@ defmodule Pleroma.Web.TwitterAPI.ActivityView do "is_post_verb" => true, "created_at" => created_at, "in_reply_to_status_id" => object["inReplyToStatusId"], + "in_reply_to_screen_name" => reply_user_nickname, "statusnet_conversation_id" => conversation_id, "attachments" => (object["attachment"] || []) |> ObjectRepresenter.enum_to_list(opts), "attentions" => attentions, -- cgit v1.2.3 From 3b0e9287a5c36dea7b7a4a240a14295cb17420b4 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Wed, 29 Aug 2018 21:07:12 +0200 Subject: [Pleroma.Web.MastodonAPI.StatusView]: Return nil as fallback for missing views --- lib/pleroma/web/mastodon_api/views/status_view.ex | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/views/status_view.ex b/lib/pleroma/web/mastodon_api/views/status_view.ex index ef46ba4fc..d50e82274 100644 --- a/lib/pleroma/web/mastodon_api/views/status_view.ex +++ b/lib/pleroma/web/mastodon_api/views/status_view.ex @@ -158,6 +158,10 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do } end + def render("status.json", %{activity: %{data: %{"object" => object}} = activity} = opts) do + nil + end + def render("attachment.json", %{attachment: attachment}) do [attachment_url | _] = attachment["url"] media_type = attachment_url["mediaType"] || attachment_url["mimeType"] || "image" -- cgit v1.2.3 From 0c10be87311cbe851c48218899f305e81e880741 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Wed, 29 Aug 2018 20:16:01 +0200 Subject: [Pleroma.Web.MastodonAPI.StatusView]: Remove nils from lists.json --- lib/pleroma/web/mastodon_api/views/status_view.ex | 1 + 1 file changed, 1 insertion(+) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/views/status_view.ex b/lib/pleroma/web/mastodon_api/views/status_view.ex index d50e82274..a0706cb6a 100644 --- a/lib/pleroma/web/mastodon_api/views/status_view.ex +++ b/lib/pleroma/web/mastodon_api/views/status_view.ex @@ -34,6 +34,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do "status.json", Map.put(opts, :replied_to_activities, replied_to_activities) ) + |> Enum.filter(fn x -> not is_nil(x) end) end def render( -- cgit v1.2.3 From 2da0ffeb286b58c62dd005db55e7d089a02380ed Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Thu, 30 Aug 2018 14:49:42 +0200 Subject: lib/pleroma/web/mastodon_api/mastodon_api_controller.ex: Output an error when render(status.json) gives a nil --- lib/pleroma/web/mastodon_api/mastodon_api_controller.ex | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index cbda069df..281f2a137 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -282,7 +282,15 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do def get_status(%{assigns: %{user: user}} = conn, %{"id" => id}) do with %Activity{} = activity <- Repo.get(Activity, id), true <- ActivityPub.visible_for_user?(activity, user) do - render(conn, StatusView, "status.json", %{activity: activity, for: user}) + res = render(conn, StatusView, "status.json", %{activity: activity, for: user}) + + if res == nil do + conn + |> put_status(501) + |> json(%{error: "Can't display this status"}) + else + res + end end end -- cgit v1.2.3 From b0a940d5a2cc4863dcd47ff04223ad1d125fcff3 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Thu, 25 Oct 2018 05:18:10 +0200 Subject: [Pleroma.Web.MastodonAPI.StatusView]: Remove unused arguments --- lib/pleroma/web/mastodon_api/views/status_view.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/views/status_view.ex b/lib/pleroma/web/mastodon_api/views/status_view.ex index a0706cb6a..8ffaf8466 100644 --- a/lib/pleroma/web/mastodon_api/views/status_view.ex +++ b/lib/pleroma/web/mastodon_api/views/status_view.ex @@ -159,7 +159,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do } end - def render("status.json", %{activity: %{data: %{"object" => object}} = activity} = opts) do + def render("status.json", _) do nil end -- cgit v1.2.3 From b112112c1100243aa58721fd2efb756ad119c506 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Thu, 25 Oct 2018 05:52:45 +0200 Subject: [Pleroma.Web.MastodonAPI.MastodonAPIController]: Wrap around render/4 --- .../web/mastodon_api/mastodon_api_controller.ex | 33 +++++++++++++--------- 1 file changed, 19 insertions(+), 14 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index 281f2a137..77146d780 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -282,15 +282,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do def get_status(%{assigns: %{user: user}} = conn, %{"id" => id}) do with %Activity{} = activity <- Repo.get(Activity, id), true <- ActivityPub.visible_for_user?(activity, user) do - res = render(conn, StatusView, "status.json", %{activity: activity, for: user}) - - if res == nil do - conn - |> put_status(501) - |> json(%{error: "Can't display this status"}) - else - res - end + try_render(conn, StatusView, "status.json", %{activity: activity, for: user}) end end @@ -353,7 +345,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do {:ok, activity} = Cachex.fetch!(:idempotency_cache, idempotency_key, fn _ -> CommonAPI.post(user, params) end) - render(conn, StatusView, "status.json", %{activity: activity, for: user, as: :activity}) + try_render(conn, StatusView, "status.json", %{activity: activity, for: user, as: :activity}) end def delete_status(%{assigns: %{user: user}} = conn, %{"id" => id}) do @@ -369,28 +361,28 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do def reblog_status(%{assigns: %{user: user}} = conn, %{"id" => ap_id_or_id}) do with {:ok, announce, _activity} <- CommonAPI.repeat(ap_id_or_id, user) do - render(conn, StatusView, "status.json", %{activity: announce, for: user, as: :activity}) + try_render(conn, StatusView, "status.json", %{activity: announce, for: user, as: :activity}) end end def unreblog_status(%{assigns: %{user: user}} = conn, %{"id" => ap_id_or_id}) do with {:ok, _unannounce, %{data: %{"id" => id}}} <- CommonAPI.unrepeat(ap_id_or_id, user), %Activity{} = activity <- Activity.get_create_activity_by_object_ap_id(id) do - render(conn, StatusView, "status.json", %{activity: activity, for: user, as: :activity}) + try_render(conn, StatusView, "status.json", %{activity: activity, for: user, as: :activity}) end end def fav_status(%{assigns: %{user: user}} = conn, %{"id" => ap_id_or_id}) do with {:ok, _fav, %{data: %{"id" => id}}} <- CommonAPI.favorite(ap_id_or_id, user), %Activity{} = activity <- Activity.get_create_activity_by_object_ap_id(id) do - render(conn, StatusView, "status.json", %{activity: activity, for: user, as: :activity}) + try_render(conn, StatusView, "status.json", %{activity: activity, for: user, as: :activity}) end end def unfav_status(%{assigns: %{user: user}} = conn, %{"id" => ap_id_or_id}) do with {:ok, _, _, %{data: %{"id" => id}}} <- CommonAPI.unfavorite(ap_id_or_id, user), %Activity{} = activity <- Activity.get_create_activity_by_object_ap_id(id) do - render(conn, StatusView, "status.json", %{activity: activity, for: user, as: :activity}) + try_render(conn, StatusView, "status.json", %{activity: activity, for: user, as: :activity}) end end @@ -1210,4 +1202,17 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do json(conn, []) end end + + def try_render(conn, renderer, target, params) + when is_binary(target) do + res = render(conn, renderer, target, params) + + if res == nil do + conn + |> put_status(501) + |> json(%{error: "Can't display this activity"}) + else + res + end + end end -- cgit v1.2.3 From 1b480e351405a4f987e0ba21bfe845cef7ff36de Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Thu, 25 Oct 2018 04:01:59 +0000 Subject: user: add helper for fetching profile url (which may be different than ap id) --- lib/pleroma/user.ex | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index e97224731..0c9fa559a 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -42,6 +42,10 @@ defmodule Pleroma.User do end end + def profile_url(%User{info: %{"source_data" => %{"url" => url}}}), do: url + def profile_url(%User{ap_id: ap_id}), do: ap_id + def profile_url(_), do: nil + def ap_id(%User{nickname: nickname}) do "#{Web.base_url()}/users/#{nickname}" end -- cgit v1.2.3 From 1ed25c963a69d0f4cabcb7adfed0739af82d1f32 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Thu, 25 Oct 2018 04:04:04 +0000 Subject: twitterapi: activity view: add the other in_reply_to fields --- .../web/twitter_api/representers/activity_representer.ex | 12 +++++------- lib/pleroma/web/twitter_api/views/activity_view.ex | 12 +++++------- 2 files changed, 10 insertions(+), 14 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/twitter_api/representers/activity_representer.ex b/lib/pleroma/web/twitter_api/representers/activity_representer.ex index 04857001c..fbd33f07e 100644 --- a/lib/pleroma/web/twitter_api/representers/activity_representer.ex +++ b/lib/pleroma/web/twitter_api/representers/activity_representer.ex @@ -182,12 +182,7 @@ defmodule Pleroma.Web.TwitterAPI.Representers.ActivityRepresenter do reply_parent = Activity.get_in_reply_to_activity(activity) - reply_user_nickname = - if reply_parent do - User.get_cached_by_ap_id(reply_parent.actor).nickname - else - nil - end + reply_user = reply_parent && User.get_cached_by_ap_id(reply_parent.actor) %{ "id" => activity.id, @@ -199,7 +194,10 @@ defmodule Pleroma.Web.TwitterAPI.Representers.ActivityRepresenter do "is_post_verb" => true, "created_at" => created_at, "in_reply_to_status_id" => object["inReplyToStatusId"], - "in_reply_to_screen_name" => reply_user_nickname, + "in_reply_to_screen_name" => reply_user && reply_user.nickname, + "in_reply_to_profileurl" => User.profile_url(reply_user), + "in_reply_to_ostatus_uri" => reply_user && reply_user.ap_id, + "in_reply_to_user_id" => reply_user && reply_user.id, "statusnet_conversation_id" => conversation_id, "attachments" => attachments |> ObjectRepresenter.enum_to_list(opts), "attentions" => attentions, diff --git a/lib/pleroma/web/twitter_api/views/activity_view.ex b/lib/pleroma/web/twitter_api/views/activity_view.ex index 13fb04f95..fb97f199b 100644 --- a/lib/pleroma/web/twitter_api/views/activity_view.ex +++ b/lib/pleroma/web/twitter_api/views/activity_view.ex @@ -238,12 +238,7 @@ defmodule Pleroma.Web.TwitterAPI.ActivityView do reply_parent = Activity.get_in_reply_to_activity(activity) - reply_user_nickname = - if reply_parent do - User.get_cached_by_ap_id(reply_parent.actor).nickname - else - nil - end + reply_user = reply_parent && User.get_cached_by_ap_id(reply_parent.actor) %{ "id" => activity.id, @@ -255,7 +250,10 @@ defmodule Pleroma.Web.TwitterAPI.ActivityView do "is_post_verb" => true, "created_at" => created_at, "in_reply_to_status_id" => object["inReplyToStatusId"], - "in_reply_to_screen_name" => reply_user_nickname, + "in_reply_to_screen_name" => reply_user && reply_user.nickname, + "in_reply_to_profileurl" => User.profile_url(reply_user), + "in_reply_to_ostatus_uri" => reply_user && reply_user.ap_id, + "in_reply_to_user_id" => reply_user && reply_user.id, "statusnet_conversation_id" => conversation_id, "attachments" => (object["attachment"] || []) |> ObjectRepresenter.enum_to_list(opts), "attentions" => attentions, -- cgit v1.2.3 From b386888a0e8b13883f1457c2c62db8bd8b6744ce Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Thu, 25 Oct 2018 06:05:13 +0200 Subject: [Pleroma.Web.MastodonAPI.MastodonAPIController]: fallback for try_render/4 Better be sure than sorry --- lib/pleroma/web/mastodon_api/mastodon_api_controller.ex | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index 77146d780..751698ca8 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -1215,4 +1215,10 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do res end end + + def try_render(conn, _, _, _) do + conn + |> put_status(501) + |> json(%{error: "Can't display this activity"}) + end end -- cgit v1.2.3 From 5383887bd4b807edffad2c27338debdc6389a238 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Thu, 25 Oct 2018 04:27:33 +0000 Subject: transmogrifier: do not try to contain origin of something which doesn't have one --- lib/pleroma/web/activity_pub/transmogrifier.ex | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index 65ac07845..cbc800ad6 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -37,6 +37,8 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do @doc """ Checks that an imported AP object's actor matches the domain it came from. """ + def contain_origin(id, %{"actor" => nil}), do: :error + def contain_origin(id, %{"actor" => actor} = params) do id_uri = URI.parse(id) actor_uri = URI.parse(get_actor(params)) -- cgit v1.2.3 From 2f1f1a4f30430544d77c82627011800b65d51ba3 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Thu, 25 Oct 2018 05:02:21 +0000 Subject: activitypub: splice users into recipient lists when they receive messages at their personal inbox closes #343 --- .../web/activity_pub/activity_pub_controller.ex | 11 +++++- lib/pleroma/web/activity_pub/utils.ex | 42 ++++++++++++++++++++++ 2 files changed, 52 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/activity_pub_controller.ex b/lib/pleroma/web/activity_pub/activity_pub_controller.ex index 2750add8b..a7b1c0079 100644 --- a/lib/pleroma/web/activity_pub/activity_pub_controller.ex +++ b/lib/pleroma/web/activity_pub/activity_pub_controller.ex @@ -4,6 +4,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do alias Pleroma.Web.ActivityPub.{ObjectView, UserView} alias Pleroma.Web.ActivityPub.ActivityPub alias Pleroma.Web.ActivityPub.Relay + alias Pleroma.Web.ActivityPub.Utils alias Pleroma.Web.Federator require Logger @@ -87,7 +88,15 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do outbox(conn, %{"nickname" => nickname, "max_id" => nil}) end - # TODO: Ensure that this inbox is a recipient of the message + def inbox(%{assigns: %{valid_signature: true}} = conn, %{"nickname" => nickname} = params) do + with %User{} = user <- User.get_cached_by_nickname(nickname), + true <- Utils.recipient_in_message(user.ap_id, params), + params <- Utils.maybe_splice_recipient(user.ap_id, params) do + Federator.enqueue(:incoming_ap_doc, params) + json(conn, "ok") + end + end + def inbox(%{assigns: %{valid_signature: true}} = conn, params) do Federator.enqueue(:incoming_ap_doc, params) json(conn, "ok") diff --git a/lib/pleroma/web/activity_pub/utils.ex b/lib/pleroma/web/activity_pub/utils.ex index 43a1f432d..8b5feef1c 100644 --- a/lib/pleroma/web/activity_pub/utils.ex +++ b/lib/pleroma/web/activity_pub/utils.ex @@ -19,6 +19,48 @@ defmodule Pleroma.Web.ActivityPub.Utils do Map.put(params, "actor", get_ap_id(params["actor"])) end + defp recipient_in_collection(ap_id, coll) when is_binary(coll), do: ap_id == coll + defp recipient_in_collection(ap_id, coll) when is_list(coll), do: ap_id in coll + defp recipient_in_collection(_, _), do: false + + def recipient_in_message(ap_id, params) do + cond do + recipient_in_collection(ap_id, params["to"]) -> + true + + recipient_in_collection(ap_id, params["cc"]) -> + true + + recipient_in_collection(ap_id, params["bto"]) -> + true + + recipient_in_collection(ap_id, params["bcc"]) -> + true + + true -> + false + end + end + + defp extract_list(target) when is_binary(target), do: [target] + defp extract_list(lst) when is_list(lst), do: lst + defp extract_list(_), do: [] + + def maybe_splice_recipient(ap_id, params) do + need_splice = + !recipient_in_collection(ap_id, params["to"]) && + !recipient_in_collection(ap_id, params["cc"]) + + cc_list = extract_list(params["cc"]) + + if need_splice do + params + |> Map.put(params, "cc", [ap_id | cc_list]) + else + params + end + end + def make_json_ld_header do %{ "@context" => [ -- cgit v1.2.3 From ce70eb8c0097e7d07ebc43b601c0913170d6283e Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Thu, 25 Oct 2018 05:24:01 +0000 Subject: activitypub utils: fix user splicing --- lib/pleroma/web/activity_pub/utils.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/utils.ex b/lib/pleroma/web/activity_pub/utils.ex index 8b5feef1c..266667f81 100644 --- a/lib/pleroma/web/activity_pub/utils.ex +++ b/lib/pleroma/web/activity_pub/utils.ex @@ -55,7 +55,7 @@ defmodule Pleroma.Web.ActivityPub.Utils do if need_splice do params - |> Map.put(params, "cc", [ap_id | cc_list]) + |> Map.put("cc", [ap_id | cc_list]) else params end -- cgit v1.2.3 From ae5beb7b6464d9bc4532693987d9d94cd5bac6bd Mon Sep 17 00:00:00 2001 From: scarlett Date: Thu, 25 Oct 2018 17:58:46 +0100 Subject: Make finmoji optional --- lib/pleroma/formatter.ex | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/formatter.ex b/lib/pleroma/formatter.ex index 1756cc187..ecc102b62 100644 --- a/lib/pleroma/formatter.ex +++ b/lib/pleroma/formatter.ex @@ -94,9 +94,15 @@ defmodule Pleroma.Formatter do "woollysocks" ] - @finmoji_with_filenames Enum.map(@finmoji, fn finmoji -> - {finmoji, "/finmoji/128px/#{finmoji}-128.png"} - end) + @instance Application.get_env(:pleroma, :instance) + + @finmoji_with_filenames (if Keyword.get(@instance, :finmoji_enabled) do + Enum.map(@finmoji, fn finmoji -> + {finmoji, "/finmoji/128px/#{finmoji}-128.png"} + end) + else + [] + end) @emoji_from_file (with {:ok, default} <- File.read("config/emoji.txt") do custom = -- cgit v1.2.3 From 57330dd91b207d11f1c9ba7633a486e5917f7e9b Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Tue, 4 Sep 2018 18:15:02 +0200 Subject: [Pleroma.Web.Nodeinfo.NodeinfoController]: Have a list of supported features --- lib/pleroma/web/nodeinfo/nodeinfo_controller.ex | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex index c40bf1656..b95e12aed 100644 --- a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex +++ b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex @@ -63,6 +63,24 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do %{} end + features = [ + "pleroma_api_socket", + "mastodon_api_socket", + "mastodon_api_streaming", + if Keyword.get(media_proxy, :enabled) do + "media_proxy" + end, + if Keyword.get(gopher, :enabled) do + "gopher" + end, + if Keyword.get(chat, :enabled) do + "pleroma_api_chat" + end, + if Keyword.get(suggestions, :enabled) do + "3rdparty_suggestions" + end + ] + response = %{ version: "2.0", software: %{ @@ -84,7 +102,6 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do metadata: %{ nodeName: Keyword.get(instance, :name), nodeDescription: Keyword.get(instance, :description), - mediaProxy: Keyword.get(media_proxy, :enabled), private: !Keyword.get(instance, :public, true), suggestions: %{ enabled: Keyword.get(suggestions, :enabled, false), @@ -94,10 +111,9 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do web: Keyword.get(suggestions, :web, "") }, staffAccounts: staff_accounts, - chat: Keyword.get(chat, :enabled), - gopher: Keyword.get(gopher, :enabled), federation: federation_response, postFormats: Keyword.get(instance, :allowed_post_formats) + features: features, } } -- cgit v1.2.3 From 7906dfe5a080cf698474a324d6242101bcf68ed6 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Fri, 7 Sep 2018 02:45:26 +0200 Subject: [Pleroma.Web.Nodeinfo.NodeinfoController]: Simplify features strings --- lib/pleroma/web/nodeinfo/nodeinfo_controller.ex | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex index b95e12aed..59b0ce3e1 100644 --- a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex +++ b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex @@ -64,8 +64,8 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do end features = [ - "pleroma_api_socket", - "mastodon_api_socket", + "pleroma_api", + "mastodon_api", "mastodon_api_streaming", if Keyword.get(media_proxy, :enabled) do "media_proxy" @@ -74,10 +74,10 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do "gopher" end, if Keyword.get(chat, :enabled) do - "pleroma_api_chat" + "chat" end, if Keyword.get(suggestions, :enabled) do - "3rdparty_suggestions" + "suggestions" end ] @@ -112,8 +112,8 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do }, staffAccounts: staff_accounts, federation: federation_response, - postFormats: Keyword.get(instance, :allowed_post_formats) - features: features, + postFormats: Keyword.get(instance, :allowed_post_formats), + features: features } } -- cgit v1.2.3 From f6cb963df208a1f24aa195fda4ed894caac9e7bc Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Fri, 26 Oct 2018 01:24:22 +0000 Subject: activitypub utils: fix recipient check when the message is unaddressed (mastodon) --- lib/pleroma/web/activity_pub/utils.ex | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/utils.ex b/lib/pleroma/web/activity_pub/utils.ex index 266667f81..d6ac2dd8c 100644 --- a/lib/pleroma/web/activity_pub/utils.ex +++ b/lib/pleroma/web/activity_pub/utils.ex @@ -37,6 +37,11 @@ defmodule Pleroma.Web.ActivityPub.Utils do recipient_in_collection(ap_id, params["bcc"]) -> true + # if the message is unaddressed at all, then assume it is directly addressed + # to the recipient + !params["to"] && !params["cc"] && !params["bto"] && !params["bcc"] -> + true + true -> false end -- cgit v1.2.3 From 7338368ad901db1463014f29fbecd89794fdc908 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Fri, 26 Oct 2018 03:06:42 +0000 Subject: http: enable keepalive / connection pooling (closes #336) --- lib/pleroma/http/http.ex | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/http/http.ex b/lib/pleroma/http/http.ex index c19bccf60..f222e1774 100644 --- a/lib/pleroma/http/http.ex +++ b/lib/pleroma/http/http.ex @@ -19,9 +19,10 @@ defmodule Pleroma.HTTP do end end - def process_request_options(options) do + defp process_request_options(options) do config = Application.get_env(:pleroma, :http, []) proxy = Keyword.get(config, :proxy_url, nil) + options = options ++ [hackney: [pool: :default]] case proxy do nil -> options -- cgit v1.2.3 From 26eb11c172e2de2db0f4c51a9df5f0369fb37a95 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Fri, 26 Oct 2018 06:16:51 +0000 Subject: activitypub: add support for filtering broken threads out of timelines --- lib/pleroma/web/activity_pub/activity_pub.ex | 33 ++++++++++++++++++++++ .../web/mastodon_api/mastodon_api_controller.ex | 1 + .../web/twitter_api/twitter_api_controller.ex | 4 ++- 3 files changed, 37 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index fc191addf..173ca688d 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -787,4 +787,37 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do y = activity.data["to"] ++ (activity.data["cc"] || []) visible_for_user?(activity, nil) || Enum.any?(x, &(&1 in y)) end + + # guard + def entire_thread_visible_for_user?(nil, user), do: false + + # child + def entire_thread_visible_for_user?( + %Activity{data: %{"object" => %{"inReplyTo" => _parent_id}}} = tail, + user + ) do + parent = Activity.get_in_reply_to_activity(tail) + visible_for_user?(tail, user) && entire_thread_visible_for_user?(parent, user) + end + + # root + def entire_thread_visible_for_user?(tail, user), do: visible_for_user?(tail, user) + + # filter out broken threads + def contain_broken_threads(%Activity{} = activity, %User{} = user) do + entire_thread_visible_for_user?(activity, user) + end + + # do post-processing on a specific activity + def contain_activity(%Activity{} = activity, %User{} = user) do + contain_broken_threads(activity, user) + end + + # do post-processing on a timeline + def contain_timeline(timeline, user) do + timeline + |> Enum.filter(fn activity -> + contain_activity(activity, user) + end) + end end diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index 751698ca8..bc7558cb8 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -223,6 +223,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do activities = ActivityPub.fetch_activities([user.ap_id | user.following], params) + |> ActivityPub.contain_timeline(user) |> Enum.reverse() conn diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index c6637e38d..4fc32b50c 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -79,7 +79,9 @@ defmodule Pleroma.Web.TwitterAPI.Controller do |> Map.put("blocking_user", user) |> Map.put("user", user) - activities = ActivityPub.fetch_activities([user.ap_id | user.following], params) + activities = + ActivityPub.fetch_activities([user.ap_id | user.following], params) + |> ActivityPub.contain_timeline(user) conn |> render(ActivityView, "index.json", %{activities: activities, for: user}) -- cgit v1.2.3 From c302c619b957bab54fcc23a867d8949e42b102e5 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Fri, 26 Oct 2018 06:38:08 +0000 Subject: http: fix mediaproxy --- lib/pleroma/http/http.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/http/http.ex b/lib/pleroma/http/http.ex index f222e1774..e64266ae7 100644 --- a/lib/pleroma/http/http.ex +++ b/lib/pleroma/http/http.ex @@ -19,7 +19,7 @@ defmodule Pleroma.HTTP do end end - defp process_request_options(options) do + def process_request_options(options) do config = Application.get_env(:pleroma, :http, []) proxy = Keyword.get(config, :proxy_url, nil) options = options ++ [hackney: [pool: :default]] -- cgit v1.2.3 From a494508320d2e2650a2c09ae53b212b8c1ab7bd3 Mon Sep 17 00:00:00 2001 From: Greizgh Date: Sat, 27 Oct 2018 14:31:51 +0200 Subject: Cleanup postgresql setup script Drop unused CREATEDB privilege. Do not try to handle multiple run. --- lib/mix/tasks/sample_psql.eex | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) (limited to 'lib') diff --git a/lib/mix/tasks/sample_psql.eex b/lib/mix/tasks/sample_psql.eex index bc22f166c..b6f57948b 100644 --- a/lib/mix/tasks/sample_psql.eex +++ b/lib/mix/tasks/sample_psql.eex @@ -1,8 +1,5 @@ -CREATE USER pleroma WITH ENCRYPTED PASSWORD '<%= dbpass %>' CREATEDB; --- in case someone runs this second time accidentally -ALTER USER pleroma WITH ENCRYPTED PASSWORD '<%= dbpass %>' CREATEDB; -CREATE DATABASE pleroma_dev; -ALTER DATABASE pleroma_dev OWNER TO pleroma; +CREATE USER pleroma WITH ENCRYPTED PASSWORD '<%= dbpass %>'; +CREATE DATABASE pleroma_dev OWNER pleroma; \c pleroma_dev; --Extensions made by ecto.migrate that need superuser access CREATE EXTENSION IF NOT EXISTS citext; -- cgit v1.2.3 From 72ea54de6e74084d69594c544bcddcc0a991603a Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 28 Oct 2018 05:45:33 +0000 Subject: activitypub: fix possible false positives with broken thread filtering --- lib/pleroma/web/activity_pub/activity_pub.ex | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 173ca688d..4b8b6eb52 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -793,9 +793,10 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do # child def entire_thread_visible_for_user?( - %Activity{data: %{"object" => %{"inReplyTo" => _parent_id}}} = tail, + %Activity{data: %{"object" => %{"inReplyTo" => parent_id}}} = tail, user - ) do + ) + when is_binary(parent_id) do parent = Activity.get_in_reply_to_activity(tail) visible_for_user?(tail, user) && entire_thread_visible_for_user?(parent, user) end -- cgit v1.2.3 From 69192f36ff617d237481c401850171bf79a2f547 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 28 Oct 2018 19:47:56 +0000 Subject: mix tasks: add new task to unsubscribe all users from, and then ban a remote user (e.g. followbots) --- lib/mix/tasks/unsubscribe_user.ex | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 lib/mix/tasks/unsubscribe_user.ex (limited to 'lib') diff --git a/lib/mix/tasks/unsubscribe_user.ex b/lib/mix/tasks/unsubscribe_user.ex new file mode 100644 index 000000000..bb72634b6 --- /dev/null +++ b/lib/mix/tasks/unsubscribe_user.ex @@ -0,0 +1,32 @@ +defmodule Mix.Tasks.UnsubscribeUser do + use Mix.Task + alias Pleroma.{User, Repo} + require Logger + + @shortdoc "Unsubscribe all users from a target and then deactivate them" + def run([nickname]) do + Mix.Task.run("app.start") + + with %User{} = user <- User.get_by_nickname(nickname) do + Logger.info("Deactivating #{user.nickname}") + User.deactivate(user) + + {:ok, friends} = User.get_friends(user) + + Enum.each(friends, fn friend -> + user = Repo.get(User, user.id) + + Logger.info("Unsubscribing #{friend.nickname} from #{user.nickname}") + User.unfollow(user, friend) + end) + + :timer.sleep(500) + + user = Repo.get(User, user.id) + + if length(user.following) == 0 do + Logger.info("Successfully unsubscribed all followers from #{user.nickname}") + end + end + end +end -- cgit v1.2.3 From 5c6ec2d9fc0bd9e6b49906ea58f163264c37a54e Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 29 Oct 2018 15:19:32 +0000 Subject: twitter/mastodon api: always use mediaproxy URLs in attachments if using local media, the mediaproxy will not replace the URL anyway. --- lib/pleroma/web/mastodon_api/views/status_view.ex | 6 +++--- lib/pleroma/web/twitter_api/twitter_api.ex | 3 ++- 2 files changed, 5 insertions(+), 4 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/views/status_view.ex b/lib/pleroma/web/mastodon_api/views/status_view.ex index 8ffaf8466..80e80c8f5 100644 --- a/lib/pleroma/web/mastodon_api/views/status_view.ex +++ b/lib/pleroma/web/mastodon_api/views/status_view.ex @@ -166,7 +166,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do def render("attachment.json", %{attachment: attachment}) do [attachment_url | _] = attachment["url"] media_type = attachment_url["mediaType"] || attachment_url["mimeType"] || "image" - href = attachment_url["href"] + href = attachment_url["href"] |> MediaProxy.url() type = cond do @@ -180,9 +180,9 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do %{ id: to_string(attachment["id"] || hash_id), - url: MediaProxy.url(href), + url: href, remote_url: href, - preview_url: MediaProxy.url(href), + preview_url: href, text_url: href, type: type, description: attachment["name"] diff --git a/lib/pleroma/web/twitter_api/twitter_api.ex b/lib/pleroma/web/twitter_api/twitter_api.ex index 3747285da..cb483df9d 100644 --- a/lib/pleroma/web/twitter_api/twitter_api.ex +++ b/lib/pleroma/web/twitter_api/twitter_api.ex @@ -3,6 +3,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do alias Pleroma.Web.ActivityPub.ActivityPub alias Pleroma.Web.TwitterAPI.UserView alias Pleroma.Web.{OStatus, CommonAPI} + alias Pleroma.Web.MediaProxy import Ecto.Query @instance Application.get_env(:pleroma, :instance) @@ -97,7 +98,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do {:ok, object} = ActivityPub.upload(file) url = List.first(object.data["url"]) - href = url["href"] + href = url["href"] |> MediaProxy.url() type = url["mediaType"] case format do -- cgit v1.2.3 From fa483cd7c211ba7d755d307f095bde31efdb81d4 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 29 Oct 2018 16:29:46 +0000 Subject: upload: add new optional argument designating an upload size limit --- lib/pleroma/upload.ex | 111 ++++++++++++++++++++++++++++---------------------- 1 file changed, 63 insertions(+), 48 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/upload.ex b/lib/pleroma/upload.ex index f188a5f32..2293ff54e 100644 --- a/lib/pleroma/upload.ex +++ b/lib/pleroma/upload.ex @@ -4,61 +4,76 @@ defmodule Pleroma.Upload do @storage_backend Application.get_env(:pleroma, Pleroma.Upload) |> Keyword.fetch!(:uploader) - def store(%Plug.Upload{} = file, should_dedupe) do + def check_file_size(path, nil), do: true + + def check_file_size(path, size_limit) do + {:ok, %{size: size}} = File.stat(path) + size <= size_limit + end + + def store(file, should_dedupe, size_limit \\ nil) + + def store(%Plug.Upload{} = file, should_dedupe, size_limit) do content_type = get_content_type(file.path) - uuid = get_uuid(file, should_dedupe) - name = get_name(file, uuid, content_type, should_dedupe) - - strip_exif_data(content_type, file.path) - - {:ok, url_path} = - @storage_backend.put_file(name, uuid, file.path, content_type, should_dedupe) - - %{ - "type" => "Document", - "url" => [ - %{ - "type" => "Link", - "mediaType" => content_type, - "href" => url_path - } - ], - "name" => name - } + with uuid <- get_uuid(file, should_dedupe), + name <- get_name(file, uuid, content_type, should_dedupe), + true <- check_file_size(file.path, size_limit) do + strip_exif_data(content_type, file.path) + + {:ok, url_path} = + @storage_backend.put_file(name, uuid, file.path, content_type, should_dedupe) + + %{ + "type" => "Document", + "url" => [ + %{ + "type" => "Link", + "mediaType" => content_type, + "href" => url_path + } + ], + "name" => name + } + else + _e -> nil + end end - def store(%{"img" => "data:image/" <> image_data}, should_dedupe) do + def store(%{"img" => "data:image/" <> image_data}, should_dedupe, size_limit) do parsed = Regex.named_captures(~r/(?jpeg|png|gif);base64,(?.*)/, image_data) data = Base.decode64!(parsed["data"], ignore: :whitespace) - tmp_path = tempfile_for_image(data) - - uuid = UUID.generate() - - content_type = get_content_type(tmp_path) - strip_exif_data(content_type, tmp_path) - - name = - create_name( - String.downcase(Base.encode16(:crypto.hash(:sha256, data))), - parsed["filetype"], - content_type - ) - - {:ok, url_path} = @storage_backend.put_file(name, uuid, tmp_path, content_type, should_dedupe) - - %{ - "type" => "Image", - "url" => [ - %{ - "type" => "Link", - "mediaType" => content_type, - "href" => url_path - } - ], - "name" => name - } + with tmp_path <- tempfile_for_image(data), + uuid <- UUID.generate(), + true <- check_file_size(tmp_path, size_limit) do + content_type = get_content_type(tmp_path) + strip_exif_data(content_type, tmp_path) + + name = + create_name( + String.downcase(Base.encode16(:crypto.hash(:sha256, data))), + parsed["filetype"], + content_type + ) + + {:ok, url_path} = + @storage_backend.put_file(name, uuid, tmp_path, content_type, should_dedupe) + + %{ + "type" => "Image", + "url" => [ + %{ + "type" => "Link", + "mediaType" => content_type, + "href" => url_path + } + ], + "name" => name + } + else + _e -> nil + end end @doc """ -- cgit v1.2.3 From 167d3789a5a334859dfb9bf1612bdfc993032667 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 29 Oct 2018 16:30:12 +0000 Subject: activitypub: upload: pass through an upload limit if one is provided --- lib/pleroma/web/activity_pub/activity_pub.ex | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 4b8b6eb52..537b99f31 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -575,9 +575,12 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do |> Enum.reverse() end - def upload(file) do - data = Upload.store(file, Application.get_env(:pleroma, :instance)[:dedupe_media]) - Repo.insert(%Object{data: data}) + def upload(file, size_limit \\ nil) do + with data <- + Upload.store(file, Application.get_env(:pleroma, :instance)[:dedupe_media], size_limit), + false <- is_nil(data) do + Repo.insert(%Object{data: data}) + end end def user_data_from_user_object(data) do -- cgit v1.2.3 From e12489e2fee6d757e432aadf2c49dbd10c70eef2 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 29 Oct 2018 16:36:51 +0000 Subject: twitter api: enforce upload limits for avatars, banners and backgrounds --- lib/pleroma/web/twitter_api/twitter_api_controller.ex | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index 4fc32b50c..7153a2bd6 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -263,7 +263,11 @@ defmodule Pleroma.Web.TwitterAPI.Controller do end def update_avatar(%{assigns: %{user: user}} = conn, params) do - {:ok, object} = ActivityPub.upload(params) + upload_limit = + Application.get_env(:pleroma, :instance) + |> Keyword.fetch(:avatar_upload_limit) + + {:ok, object} = ActivityPub.upload(params, upload_limit) change = Changeset.change(user, %{avatar: object.data}) {:ok, user} = User.update_and_set_cache(change) CommonAPI.update(user) @@ -272,7 +276,11 @@ defmodule Pleroma.Web.TwitterAPI.Controller do end def update_banner(%{assigns: %{user: user}} = conn, params) do - with {:ok, object} <- ActivityPub.upload(%{"img" => params["banner"]}), + upload_limit = + Application.get_env(:pleroma, :instance) + |> Keyword.fetch(:banner_upload_limit) + + with {:ok, object} <- ActivityPub.upload(%{"img" => params["banner"]}, upload_limit), new_info <- Map.put(user.info, "banner", object.data), change <- User.info_changeset(user, %{info: new_info}), {:ok, user} <- User.update_and_set_cache(change) do @@ -286,7 +294,11 @@ defmodule Pleroma.Web.TwitterAPI.Controller do end def update_background(%{assigns: %{user: user}} = conn, params) do - with {:ok, object} <- ActivityPub.upload(params), + upload_limit = + Application.get_env(:pleroma, :instance) + |> Keyword.fetch(:background_upload_limit) + + with {:ok, object} <- ActivityPub.upload(params, upload_limit), new_info <- Map.put(user.info, "background", object.data), change <- User.info_changeset(user, %{info: new_info}), {:ok, _user} <- User.update_and_set_cache(change) do -- cgit v1.2.3 From 181f3bb56a0bc0211ddd2e8f215d93973222b405 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 29 Oct 2018 16:39:00 +0000 Subject: mastodon api: enforce upload limits for avatars and banners --- lib/pleroma/web/mastodon_api/mastodon_api_controller.ex | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index bc7558cb8..e03027be7 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -35,6 +35,14 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do def update_credentials(%{assigns: %{user: user}} = conn, params) do original_user = user + avatar_upload_limit = + Application.get_env(:pleroma, :instance) + |> Keyword.fetch(:avatar_upload_limit) + + banner_upload_limit = + Application.get_env(:pleroma, :instance) + |> Keyword.fetch(:banner_upload_limit) + params = if bio = params["note"] do Map.put(params, "bio", bio) @@ -52,7 +60,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do user = if avatar = params["avatar"] do with %Plug.Upload{} <- avatar, - {:ok, object} <- ActivityPub.upload(avatar), + {:ok, object} <- ActivityPub.upload(avatar, avatar_upload_limit), change = Ecto.Changeset.change(user, %{avatar: object.data}), {:ok, user} = User.update_and_set_cache(change) do user @@ -66,7 +74,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do user = if banner = params["header"] do with %Plug.Upload{} <- banner, - {:ok, object} <- ActivityPub.upload(banner), + {:ok, object} <- ActivityPub.upload(banner, banner_upload_limit), new_info <- Map.put(user.info, "banner", object.data), change <- User.info_changeset(user, %{info: new_info}), {:ok, user} <- User.update_and_set_cache(change) do -- cgit v1.2.3 From 784b3a615d57e7b77b1ec2cafe27ae59281cbc6b Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 29 Oct 2018 17:26:15 +0000 Subject: utils: fix another possible leak with private S3 backends using mediaproxy same rationale as the other mediaproxy changes --- lib/pleroma/web/common_api/utils.ex | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex index 4cbbd0c7d..ed1fe1ad9 100644 --- a/lib/pleroma/web/common_api/utils.ex +++ b/lib/pleroma/web/common_api/utils.ex @@ -2,6 +2,7 @@ defmodule Pleroma.Web.CommonAPI.Utils do alias Pleroma.{Repo, Object, Formatter, Activity} alias Pleroma.Web.ActivityPub.Utils alias Pleroma.Web.Endpoint + alias Pleroma.Web.MediaProxy alias Pleroma.User alias Calendar.Strftime alias Comeonin.Pbkdf2 @@ -90,6 +91,7 @@ defmodule Pleroma.Web.CommonAPI.Utils do Enum.map(attachments, fn %{"url" => [%{"href" => href} | _]} -> name = URI.decode(Path.basename(href)) + href = MediaProxy.url(href) "#{shortname(name)}" _ -> -- cgit v1.2.3 From f407831120318dcd8fa5b31f39137cdb1ee87519 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 29 Oct 2018 17:59:24 +0000 Subject: common api: prefer formatting attachments using the attachment's name instead of URI --- lib/pleroma/web/common_api/utils.ex | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex index ed1fe1ad9..2a5a2cc15 100644 --- a/lib/pleroma/web/common_api/utils.ex +++ b/lib/pleroma/web/common_api/utils.ex @@ -89,8 +89,8 @@ defmodule Pleroma.Web.CommonAPI.Utils do def add_attachments(text, attachments) do attachment_text = Enum.map(attachments, fn - %{"url" => [%{"href" => href} | _]} -> - name = URI.decode(Path.basename(href)) + %{"url" => [%{"href" => href} | _]} = attachment -> + name = attachment["name"] || URI.decode(Path.basename(href)) href = MediaProxy.url(href) "#{shortname(name)}" -- cgit v1.2.3 From 36825932eb04d9db3e2d24b02368d7dd709dea23 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 29 Oct 2018 18:00:59 +0000 Subject: s3 uploader: add new feature to force public attachment URIs to go through media proxy --- lib/pleroma/uploaders/s3.ex | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/uploaders/s3.ex b/lib/pleroma/uploaders/s3.ex index 87322753d..40a836460 100644 --- a/lib/pleroma/uploaders/s3.ex +++ b/lib/pleroma/uploaders/s3.ex @@ -1,10 +1,13 @@ defmodule Pleroma.Uploaders.S3 do + alias Pleroma.Web.MediaProxy + @behaviour Pleroma.Uploaders.Uploader def put_file(name, uuid, path, content_type, _should_dedupe) do settings = Application.get_env(:pleroma, Pleroma.Uploaders.S3) bucket = Keyword.fetch!(settings, :bucket) public_endpoint = Keyword.fetch!(settings, :public_endpoint) + force_media_proxy = Keyword.fetch!(settings, :force_media_proxy) {:ok, file_data} = File.read(path) @@ -19,7 +22,16 @@ defmodule Pleroma.Uploaders.S3 do ]) |> ExAws.request() - {:ok, "#{public_endpoint}/#{bucket}/#{s3_name}"} + url_base = "#{public_endpoint}/#{bucket}/#{s3_name}" + + public_url = + if force_media_proxy do + MediaProxy.url(url_base) + else + url_base + end + + {:ok, public_url} end defp encode(name) do -- cgit v1.2.3 From 676c97b8c7c79c6f96fce1366fc79c73a251ec4f Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 29 Oct 2018 20:07:52 +0000 Subject: nodeinfo: expose configured upload limits --- lib/pleroma/web/nodeinfo/nodeinfo_controller.ex | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex index 59b0ce3e1..5446179cb 100644 --- a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex +++ b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex @@ -113,6 +113,12 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do staffAccounts: staff_accounts, federation: federation_response, postFormats: Keyword.get(instance, :allowed_post_formats), + uploadLimits: %{ + general: Keyword.get(instance, :upload_limit), + avatar: Keyword.get(instance, :avatar_upload_limit), + banner: Keyword.get(instance, :banner_upload_limit), + background: Keyword.get(instance, :background_upload_limit) + }, features: features } } -- cgit v1.2.3 From b92e38d2d4c05da19b00162d7ca35f1905b44a80 Mon Sep 17 00:00:00 2001 From: scarlett Date: Mon, 29 Oct 2018 23:08:56 +0000 Subject: Add user reactivation task. --- lib/mix/tasks/deactivate_user.ex | 2 +- lib/mix/tasks/reactivate_user.ex | 13 +++++++++++++ lib/pleroma/user.ex | 4 ++-- lib/pleroma/web/activity_pub/activity_pub.ex | 2 +- 4 files changed, 17 insertions(+), 4 deletions(-) create mode 100644 lib/mix/tasks/reactivate_user.ex (limited to 'lib') diff --git a/lib/mix/tasks/deactivate_user.ex b/lib/mix/tasks/deactivate_user.ex index 96b3db6e4..f18541787 100644 --- a/lib/mix/tasks/deactivate_user.ex +++ b/lib/mix/tasks/deactivate_user.ex @@ -2,7 +2,7 @@ defmodule Mix.Tasks.DeactivateUser do use Mix.Task alias Pleroma.User - @shortdoc "Toggle deactivation status for a user" + @shortdoc "Deactivate a user" def run([nickname]) do Mix.Task.run("app.start") diff --git a/lib/mix/tasks/reactivate_user.ex b/lib/mix/tasks/reactivate_user.ex new file mode 100644 index 000000000..40bd068ea --- /dev/null +++ b/lib/mix/tasks/reactivate_user.ex @@ -0,0 +1,13 @@ +defmodule Mix.Tasks.ReactivateUser do + use Mix.Task + alias Pleroma.User + + @shortdoc "Reactivate a user" + def run([nickname]) do + Mix.Task.run("app.start") + + with user <- User.get_by_nickname(nickname) do + User.deactivate(user, false) + end + end +end diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 0c9fa559a..bb5b91c61 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -622,8 +622,8 @@ defmodule Pleroma.User do ) end - def deactivate(%User{} = user) do - new_info = Map.put(user.info, "deactivated", true) + def deactivate(%User{} = user, status \\ true) do + new_info = Map.put(user.info, "deactivated", status) cs = User.info_changeset(user, %{info: new_info}) update_and_set_cache(cs) end diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 537b99f31..5a81f6fa2 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -44,7 +44,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do defp check_actor_is_active(actor) do if not is_nil(actor) do with user <- User.get_cached_by_ap_id(actor), - nil <- user.info["deactivated"] do + false <- !!user.info["deactivated"] do :ok else _e -> :reject -- cgit v1.2.3 From 795634c90f2cabbf366b9caf8fa6efd2870c1cb6 Mon Sep 17 00:00:00 2001 From: scarlett Date: Tue, 30 Oct 2018 21:40:06 +0000 Subject: Allow use of the `abbr` HTML tag. --- lib/pleroma/html.ex | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/html.ex b/lib/pleroma/html.ex index a7338eac3..00b26963d 100644 --- a/lib/pleroma/html.ex +++ b/lib/pleroma/html.ex @@ -91,6 +91,8 @@ defmodule Pleroma.HTML.Scrubber.Default do Meta.allow_tag_with_uri_attributes("a", ["href"], @valid_schemes) Meta.allow_tag_with_these_attributes("a", ["name", "title"]) + Meta.allow_tag_with_these_attributes("abbr", ["title"]) + Meta.allow_tag_with_these_attributes("b", []) Meta.allow_tag_with_these_attributes("blockquote", []) Meta.allow_tag_with_these_attributes("br", []) -- cgit v1.2.3 From 47f76bf4b1ad314eb139ba4e79dc37732324ad36 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Wed, 31 Oct 2018 22:29:49 +0000 Subject: common api: allow self-liking objects mastodon allows this, for whatever reason. closes #347. --- lib/pleroma/web/common_api/common_api.ex | 2 -- 1 file changed, 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/common_api/common_api.ex b/lib/pleroma/web/common_api/common_api.ex index f8fef219f..8f47bb127 100644 --- a/lib/pleroma/web/common_api/common_api.ex +++ b/lib/pleroma/web/common_api/common_api.ex @@ -36,7 +36,6 @@ defmodule Pleroma.Web.CommonAPI do def favorite(id_or_ap_id, user) do with %Activity{} = activity <- get_by_id_or_ap_id(id_or_ap_id), - false <- activity.data["actor"] == user.ap_id, object <- Object.normalize(activity.data["object"]["id"]) do ActivityPub.like(user, object) else @@ -47,7 +46,6 @@ defmodule Pleroma.Web.CommonAPI do def unfavorite(id_or_ap_id, user) do with %Activity{} = activity <- get_by_id_or_ap_id(id_or_ap_id), - false <- activity.data["actor"] == user.ap_id, object <- Object.normalize(activity.data["object"]["id"]) do ActivityPub.unlike(user, object) else -- cgit v1.2.3 From 558e6a84d6750cc245e6656ab12e9e8bbb4f256c Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Thu, 1 Nov 2018 06:52:01 +0100 Subject: =?UTF-8?q?[Pleroma.Web.CommonAPI]:=20Delete=20post=20cache=20entr?= =?UTF-8?q?y=20when=20it=E2=80=99s=20deleted?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Closes: https://git.pleroma.social/pleroma/pleroma/issues/346 --- lib/pleroma/web/common_api/common_api.ex | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/common_api/common_api.ex b/lib/pleroma/web/common_api/common_api.ex index 8f47bb127..8607cb6b3 100644 --- a/lib/pleroma/web/common_api/common_api.ex +++ b/lib/pleroma/web/common_api/common_api.ex @@ -9,7 +9,8 @@ defmodule Pleroma.Web.CommonAPI do with %Activity{data: %{"object" => %{"id" => object_id}}} <- Repo.get(Activity, activity_id), %Object{} = object <- Object.normalize(object_id), true <- user.info["is_moderator"] || user.ap_id == object.data["actor"], - {:ok, delete} <- ActivityPub.delete(object) do + {:ok, delete} <- ActivityPub.delete(object), + {:ok, true} <- Cachex.del(:user_cache, "object:#{object_id}") do {:ok, delete} end end -- cgit v1.2.3 From c4e43da63e03f66fd2feaa192c4d8192bbc3451c Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Thu, 1 Nov 2018 07:28:48 +0000 Subject: object: add safe object deletion function --- lib/pleroma/object.ex | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/object.ex b/lib/pleroma/object.ex index 1bcff5a7b..8f96fd8fb 100644 --- a/lib/pleroma/object.ex +++ b/lib/pleroma/object.ex @@ -1,6 +1,6 @@ defmodule Pleroma.Object do use Ecto.Schema - alias Pleroma.{Repo, Object} + alias Pleroma.{Repo, Object, Activity} import Ecto.{Query, Changeset} schema "objects" do @@ -52,4 +52,12 @@ defmodule Pleroma.Object do def context_mapping(context) do Object.change(%Object{}, %{data: %{"id" => context}}) end + + def delete(%Object{data: %{"id" => id}} = object) do + with Repo.delete(object), + Repo.delete_all(Activity.all_non_create_by_object_ap_id_q(id)), + {:ok, true} <- Cachex.del(:user_cache, "object:#{id}") do + :ok + end + end end -- cgit v1.2.3 From 2bf358d7b47f3c2dda91b0ac638b6a068fb40a4c Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Thu, 1 Nov 2018 07:29:12 +0000 Subject: activitypub: use Object.delete() instead of mutating the database and cache directly --- lib/pleroma/web/activity_pub/activity_pub.ex | 3 +-- lib/pleroma/web/common_api/common_api.ex | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 5a81f6fa2..48ae36ebd 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -273,8 +273,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do "to" => [user.follower_address, "https://www.w3.org/ns/activitystreams#Public"] } - with Repo.delete(object), - Repo.delete_all(Activity.all_non_create_by_object_ap_id_q(id)), + with Object.delete(object), {:ok, activity} <- insert(data, local), :ok <- maybe_federate(activity), {:ok, _actor} <- User.decrease_note_count(user) do diff --git a/lib/pleroma/web/common_api/common_api.ex b/lib/pleroma/web/common_api/common_api.ex index 8607cb6b3..8f47bb127 100644 --- a/lib/pleroma/web/common_api/common_api.ex +++ b/lib/pleroma/web/common_api/common_api.ex @@ -9,8 +9,7 @@ defmodule Pleroma.Web.CommonAPI do with %Activity{data: %{"object" => %{"id" => object_id}}} <- Repo.get(Activity, activity_id), %Object{} = object <- Object.normalize(object_id), true <- user.info["is_moderator"] || user.ap_id == object.data["actor"], - {:ok, delete} <- ActivityPub.delete(object), - {:ok, true} <- Cachex.del(:user_cache, "object:#{object_id}") do + {:ok, delete} <- ActivityPub.delete(object) do {:ok, delete} end end -- cgit v1.2.3 From 10f3958468e24ba49178a19435b189a6be0dabfb Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Thu, 1 Nov 2018 07:47:50 +0000 Subject: object: return the deleted object as well --- lib/pleroma/object.ex | 2 +- lib/pleroma/web/activity_pub/activity_pub.ex | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/object.ex b/lib/pleroma/object.ex index 8f96fd8fb..fddf38450 100644 --- a/lib/pleroma/object.ex +++ b/lib/pleroma/object.ex @@ -57,7 +57,7 @@ defmodule Pleroma.Object do with Repo.delete(object), Repo.delete_all(Activity.all_non_create_by_object_ap_id_q(id)), {:ok, true} <- Cachex.del(:user_cache, "object:#{id}") do - :ok + {:ok, object} end end end diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 48ae36ebd..32c14995f 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -273,7 +273,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do "to" => [user.follower_address, "https://www.w3.org/ns/activitystreams#Public"] } - with Object.delete(object), + with {:ok, _} <- Object.delete(object), {:ok, activity} <- insert(data, local), :ok <- maybe_federate(activity), {:ok, _actor} <- User.decrease_note_count(user) do -- cgit v1.2.3 From 2c3bfd7f76c2154ada70f1167023752e06ee595f Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Thu, 1 Nov 2018 07:52:58 +0000 Subject: user: delete user_info data in User.invalidate_cache() --- lib/pleroma/user.ex | 1 + 1 file changed, 1 insertion(+) (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index bb5b91c61..f724f8a5b 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -295,6 +295,7 @@ defmodule Pleroma.User do def invalidate_cache(user) do Cachex.del(:user_cache, "ap_id:#{user.ap_id}") Cachex.del(:user_cache, "nickname:#{user.nickname}") + Cachex.del(:user_cache, "user_info:#{user.id}") end def get_cached_by_ap_id(ap_id) do -- cgit v1.2.3 From f584a603f95f95c7c8d2c1897b24b5c7399f4f74 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Thu, 1 Nov 2018 07:56:21 +0000 Subject: user: make User.delete() return data consistent with Object.delete() --- lib/mix/tasks/rm_user.ex | 2 +- lib/pleroma/user.ex | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/mix/tasks/rm_user.ex b/lib/mix/tasks/rm_user.ex index 27521b745..b7c922d6c 100644 --- a/lib/mix/tasks/rm_user.ex +++ b/lib/mix/tasks/rm_user.ex @@ -7,7 +7,7 @@ defmodule Mix.Tasks.RmUser do Mix.Task.run("app.start") with %User{local: true} = user <- User.get_by_nickname(nickname) do - User.delete(user) + {:ok, _} = User.delete(user) end end end diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index f724f8a5b..b2f59ab6b 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -657,7 +657,7 @@ defmodule Pleroma.User do end end) - :ok + {:ok, user} end def html_filter_policy(%User{info: %{"no_rich_text" => true}}) do -- cgit v1.2.3 From 2b3a40d0383f2ea79c1704c7700ff4d3e5f3c17a Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Thu, 1 Nov 2018 08:30:10 +0000 Subject: object: split object_cache from user_cache --- lib/pleroma/application.ex | 30 +++++++++++++++++++++++------- lib/pleroma/object.ex | 4 ++-- 2 files changed, 25 insertions(+), 9 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/application.ex b/lib/pleroma/application.ex index a89728471..a6b921b45 100644 --- a/lib/pleroma/application.ex +++ b/lib/pleroma/application.ex @@ -16,14 +16,30 @@ defmodule Pleroma.Application do supervisor(Pleroma.Web.Endpoint, []), # Start your own worker by calling: Pleroma.Worker.start_link(arg1, arg2, arg3) # worker(Pleroma.Worker, [arg1, arg2, arg3]), - worker(Cachex, [ - :user_cache, + worker( + Cachex, [ - default_ttl: 25000, - ttl_interval: 1000, - limit: 2500 - ] - ]), + :user_cache, + [ + default_ttl: 25000, + ttl_interval: 1000, + limit: 2500 + ] + ], + id: :cachex_user + ), + worker( + Cachex, + [ + :object_cache, + [ + default_ttl: 25000, + ttl_interval: 1000, + limit: 2500 + ] + ], + id: :cachex_object + ), worker( Cachex, [ diff --git a/lib/pleroma/object.ex b/lib/pleroma/object.ex index fddf38450..067ecfaf4 100644 --- a/lib/pleroma/object.ex +++ b/lib/pleroma/object.ex @@ -37,7 +37,7 @@ defmodule Pleroma.Object do else key = "object:#{ap_id}" - Cachex.fetch!(:user_cache, key, fn _ -> + Cachex.fetch!(:object_cache, key, fn _ -> object = get_by_ap_id(ap_id) if object do @@ -56,7 +56,7 @@ defmodule Pleroma.Object do def delete(%Object{data: %{"id" => id}} = object) do with Repo.delete(object), Repo.delete_all(Activity.all_non_create_by_object_ap_id_q(id)), - {:ok, true} <- Cachex.del(:user_cache, "object:#{id}") do + {:ok, true} <- Cachex.del(:object_cache, "object:#{id}") do {:ok, object} end end -- cgit v1.2.3 From 755f166406afbe7def824139fb52d1bc442165b2 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Thu, 1 Nov 2018 09:55:38 +0100 Subject: =?UTF-8?q?Pleroma.Web.MastodonAPI.StatusView:=20Do=20not=20fail?= =?UTF-8?q?=20when=20URL=20isn=E2=80=99t=20a=20string?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lib/pleroma/web/mastodon_api/views/status_view.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/views/status_view.ex b/lib/pleroma/web/mastodon_api/views/status_view.ex index 80e80c8f5..1efd99470 100644 --- a/lib/pleroma/web/mastodon_api/views/status_view.ex +++ b/lib/pleroma/web/mastodon_api/views/status_view.ex @@ -240,7 +240,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do summary = object["name"] content = - if !!summary and summary != "" do + if !!summary and summary != "" and is_bitstring(object["url"]) do "

#{summary}

#{object["content"]}" else object["content"] -- cgit v1.2.3 From b2da5262eacf65b1f5fcb6c4f9e31561df1884dd Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Thu, 1 Nov 2018 09:56:37 +0100 Subject: Pleroma.Web.ActivityPub.Transmogrifier: fix_url when not a string/empty Thanks prismo.news, I hate it --- lib/pleroma/web/activity_pub/transmogrifier.ex | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index cbc800ad6..56918342c 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -57,6 +57,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do object |> fix_actor |> fix_attachments + |> fix_url |> fix_context |> fix_in_reply_to |> fix_emoji @@ -171,6 +172,27 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do def fix_attachments(object), do: object + def fix_url(%{"url" => url} = object) when is_map(url) do + object + |> Map.put("url", url["href"]) + end + + def fix_url(%{"url" => url} = object) when is_list(url) do + first_element = Enum.at(url, 0) + + url_string = + cond do + is_bitstring(first_element) -> first_element + is_map(first_element) -> first_element["href"] || "" + true -> "" + end + + object + |> Map.put("url", url_string) + end + + def fix_url(object), do: object + def fix_emoji(%{"tag" => tags} = object) when is_list(tags) do emoji = tags |> Enum.filter(fn data -> data["type"] == "Emoji" and data["icon"] end) -- cgit v1.2.3 From 9b77030d3ca9530fbea05aeb2191915bb1c454cb Mon Sep 17 00:00:00 2001 From: lain Date: Sat, 8 Sep 2018 14:01:00 +0200 Subject: Add basic configuration management module. --- lib/pleroma/config.ex | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 lib/pleroma/config.ex (limited to 'lib') diff --git a/lib/pleroma/config.ex b/lib/pleroma/config.ex new file mode 100644 index 000000000..510d8d498 --- /dev/null +++ b/lib/pleroma/config.ex @@ -0,0 +1,15 @@ +defmodule Pleroma.Config do + use Agent + + def start_link(initial) do + Agent.start_link(fn -> initial end, name: __MODULE__) + end + + def get(path) do + Agent.get(__MODULE__, Kernel, :get_in, [path]) + end + + def put(path, value) do + Agent.update(__MODULE__, Kernel, :put_in, [path, value]) + end +end -- cgit v1.2.3 From e6ec01afb648cb99e5fc4db3a64fe1ed74fd0105 Mon Sep 17 00:00:00 2001 From: lain Date: Sat, 8 Sep 2018 14:01:16 +0200 Subject: Start configuration manager. --- lib/pleroma/application.ex | 1 + 1 file changed, 1 insertion(+) (limited to 'lib') diff --git a/lib/pleroma/application.ex b/lib/pleroma/application.ex index a6b921b45..f30fcd1e4 100644 --- a/lib/pleroma/application.ex +++ b/lib/pleroma/application.ex @@ -10,6 +10,7 @@ defmodule Pleroma.Application do # Define workers and child supervisors to be supervised children = [ + worker(Pleroma.Config, [Application.get_all_env(:pleroma)]), # Start the Ecto repository supervisor(Pleroma.Repo, []), # Start the endpoint when the application starts -- cgit v1.2.3 From 1e9ced5af478ba38c9e9d46140891a8f4473e02d Mon Sep 17 00:00:00 2001 From: lain Date: Sat, 8 Sep 2018 14:02:38 +0200 Subject: Test Relay, switch to runtime configuration. --- lib/pleroma/web/activity_pub/activity_pub_controller.ex | 14 ++++++++++++++ lib/pleroma/web/federator/federator.ex | 5 +++-- lib/pleroma/web/router.ex | 9 +++------ 3 files changed, 20 insertions(+), 8 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/activity_pub_controller.ex b/lib/pleroma/web/activity_pub/activity_pub_controller.ex index a7b1c0079..531e98237 100644 --- a/lib/pleroma/web/activity_pub/activity_pub_controller.ex +++ b/lib/pleroma/web/activity_pub/activity_pub_controller.ex @@ -6,11 +6,25 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do alias Pleroma.Web.ActivityPub.Relay alias Pleroma.Web.ActivityPub.Utils alias Pleroma.Web.Federator + alias Pleroma.Config require Logger action_fallback(:errors) + plug(:relay_active? when action in [:relay]) + + def relay_active?(conn, _) do + if Config.get([:instance, :allow_relay]) do + conn + else + conn + |> put_status(404) + |> json(%{error: "not found"}) + |> halt + end + end + def user(conn, %{"nickname" => nickname}) do with %User{} = user <- User.get_cached_by_nickname(nickname), {:ok, user} <- Pleroma.Web.WebFinger.ensure_keys_present(user) do diff --git a/lib/pleroma/web/federator/federator.ex b/lib/pleroma/web/federator/federator.ex index 078f3ec11..9ea2507a1 100644 --- a/lib/pleroma/web/federator/federator.ex +++ b/lib/pleroma/web/federator/federator.ex @@ -7,6 +7,7 @@ defmodule Pleroma.Web.Federator do alias Pleroma.Web.ActivityPub.Relay alias Pleroma.Web.ActivityPub.Transmogrifier alias Pleroma.Web.ActivityPub.Utils + alias Pleroma.Config require Logger @websub Application.get_env(:pleroma, :websub) @@ -71,9 +72,9 @@ defmodule Pleroma.Web.Federator do Logger.info(fn -> "Sending #{activity.data["id"]} out via Salmon" end) Pleroma.Web.Salmon.publish(actor, activity) - if Mix.env() != :test do + if Config.get([:instance, :allow_relay]) do Logger.info(fn -> "Relaying #{activity.data["id"]} out" end) - Pleroma.Web.ActivityPub.Relay.publish(activity) + Relay.publish(activity) end end diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index b531b6188..7b7affe5e 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -5,7 +5,6 @@ defmodule Pleroma.Web.Router do @instance Application.get_env(:pleroma, :instance) @federating Keyword.get(@instance, :federating) - @allow_relay Keyword.get(@instance, :allow_relay) @public Keyword.get(@instance, :public) @registrations_open Keyword.get(@instance, :registrations_open) @@ -354,11 +353,9 @@ defmodule Pleroma.Web.Router do end if @federating do - if @allow_relay do - scope "/relay", Pleroma.Web.ActivityPub do - pipe_through(:ap_relay) - get("/", ActivityPubController, :relay) - end + scope "/relay", Pleroma.Web.ActivityPub do + pipe_through(:ap_relay) + get("/", ActivityPubController, :relay) end scope "/", Pleroma.Web.ActivityPub do -- cgit v1.2.3 From 585b29337ce66eb2c574e71588db542044574609 Mon Sep 17 00:00:00 2001 From: Lee Starnes Date: Fri, 12 Oct 2018 00:19:43 -0500 Subject: Ensure filters have a filter_id --- lib/pleroma/filter.ex | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/filter.ex b/lib/pleroma/filter.ex index fe904df3a..25ed38f34 100644 --- a/lib/pleroma/filter.ex +++ b/lib/pleroma/filter.ex @@ -36,6 +36,34 @@ defmodule Pleroma.Filter do Repo.all(query) end + def create(%Pleroma.Filter{user_id: user_id, filter_id: nil} = filter) do + # If filter_id wasn't given, use the max filter_id for this user plus 1. + # XXX This could result in a race condition if a user tries to add two + # different filters for their account from two different clients at the + # same time, but that should be unlikely. + + max_id_query = + from( + f in Pleroma.Filter, + where: f.user_id == ^user_id, + select: max(f.filter_id) + ) + + filter_id = + case Repo.one(max_id_query) do + # Start allocating from 1 + nil -> + 1 + + max_id -> + max_id + 1 + end + + filter + |> Map.put(:filter_id, filter_id) + |> Repo.insert() + end + def create(%Pleroma.Filter{} = filter) do Repo.insert(filter) end -- cgit v1.2.3 From 9f03b5c4f773d0ee969a100c30bd6c1a885bebc5 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Thu, 1 Nov 2018 09:40:47 +0000 Subject: activitypub: transmogrifier: add support for Page objects --- lib/pleroma/web/activity_pub/transmogrifier.ex | 2 +- lib/pleroma/web/activity_pub/utils.ex | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index 56918342c..5bc151b97 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -263,7 +263,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do # - tags # - emoji def handle_incoming(%{"type" => "Create", "object" => %{"type" => objtype} = object} = data) - when objtype in ["Article", "Note", "Video"] do + when objtype in ["Article", "Note", "Video", "Page"] do actor = get_actor(data) data = diff --git a/lib/pleroma/web/activity_pub/utils.ex b/lib/pleroma/web/activity_pub/utils.ex index d6ac2dd8c..3362d9325 100644 --- a/lib/pleroma/web/activity_pub/utils.ex +++ b/lib/pleroma/web/activity_pub/utils.ex @@ -175,7 +175,7 @@ defmodule Pleroma.Web.ActivityPub.Utils do Inserts a full object if it is contained in an activity. """ def insert_full_object(%{"object" => %{"type" => type} = object_data}) - when is_map(object_data) and type in ["Article", "Note", "Video"] do + when is_map(object_data) and type in ["Article", "Note", "Video", "Page"] do with {:ok, _} <- Object.create(object_data) do :ok end -- cgit v1.2.3 From 4d8f0761258e0ea7cfca2f4f93b47e55bb657c66 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Thu, 1 Nov 2018 10:00:16 +0000 Subject: mastodon api: add support for rendering Page objects --- lib/pleroma/web/mastodon_api/views/status_view.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/views/status_view.ex b/lib/pleroma/web/mastodon_api/views/status_view.ex index 1efd99470..27fe23594 100644 --- a/lib/pleroma/web/mastodon_api/views/status_view.ex +++ b/lib/pleroma/web/mastodon_api/views/status_view.ex @@ -236,7 +236,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do content end - def render_content(%{"type" => "Article"} = object) do + def render_content(%{"type" => object_type} = object) when object_type in ["Article", "Page"] do summary = object["name"] content = -- cgit v1.2.3 From 24ba08de13ef8c0cb4330a613758d006453dfec3 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Thu, 1 Nov 2018 10:01:35 +0000 Subject: twitter api: add support for rendering Page objects --- lib/pleroma/web/twitter_api/views/activity_view.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/twitter_api/views/activity_view.ex b/lib/pleroma/web/twitter_api/views/activity_view.ex index fb97f199b..8e8b3f5ed 100644 --- a/lib/pleroma/web/twitter_api/views/activity_view.ex +++ b/lib/pleroma/web/twitter_api/views/activity_view.ex @@ -283,7 +283,7 @@ defmodule Pleroma.Web.TwitterAPI.ActivityView do {summary, content} end - def render_content(%{"type" => "Article"} = object) do + def render_content(%{"type" => object_type} = object) when object_type in ["Article", "Page"] do summary = object["name"] || object["summary"] content = -- cgit v1.2.3 From 3c7d4ff27100420f69e68fb256a2181a1a35a4a7 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Thu, 1 Nov 2018 15:07:27 +0100 Subject: Pleroma.Web.TwitterAPI.ActivityView: Harden TwitterAPI against remnant of prismo --- lib/pleroma/web/twitter_api/views/activity_view.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/twitter_api/views/activity_view.ex b/lib/pleroma/web/twitter_api/views/activity_view.ex index 8e8b3f5ed..83e8fb765 100644 --- a/lib/pleroma/web/twitter_api/views/activity_view.ex +++ b/lib/pleroma/web/twitter_api/views/activity_view.ex @@ -287,7 +287,7 @@ defmodule Pleroma.Web.TwitterAPI.ActivityView do summary = object["name"] || object["summary"] content = - if !!summary and summary != "" do + if !!summary and summary != "" and is_bitstring(object["url"]) do "

#{summary}

#{object["content"]}" else object["content"] -- cgit v1.2.3 From 45ebc8dd9a27ae862aad1c8251a71b95a2c3be17 Mon Sep 17 00:00:00 2001 From: lain Date: Fri, 2 Nov 2018 17:33:51 +0100 Subject: Check for empty string in_reply_to ids. --- lib/pleroma/web/common_api/utils.ex | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex index 2a5a2cc15..b22c4cc03 100644 --- a/lib/pleroma/web/common_api/utils.ex +++ b/lib/pleroma/web/common_api/utils.ex @@ -19,6 +19,8 @@ defmodule Pleroma.Web.CommonAPI.Utils do end end + def get_replied_to_activity(""), do: nil + def get_replied_to_activity(id) when not is_nil(id) do Repo.get(Activity, id) end -- cgit v1.2.3 From 0cca7edbe065b2b1aa5f81bad72025f73cae5cf8 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Fri, 2 Nov 2018 19:38:57 +0000 Subject: Fix hashtag search When we lowercase the search it will succesfully do a case insenstive match. Now #Linux will match #linux and #LINUX whereas previously it would only match the exact case. --- lib/pleroma/web/mastodon_api/mastodon_api_controller.ex | 1 + 1 file changed, 1 insertion(+) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index e03027be7..f6cf081fd 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -508,6 +508,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do |> Map.put("type", "Create") |> Map.put("local_only", local_only) |> Map.put("blocking_user", user) + |> Map.put("tag", String.downcase(params["tag"])) activities = ActivityPub.fetch_public_activities(params) -- cgit v1.2.3 From e954cfcc2c9e9b36bf31dc0bdbc90b1f8a2d47ce Mon Sep 17 00:00:00 2001 From: lain Date: Sat, 3 Nov 2018 13:38:01 +0100 Subject: Add CORSPlug to make web-based OAuth easier. --- lib/pleroma/web/endpoint.ex | 1 + 1 file changed, 1 insertion(+) (limited to 'lib') diff --git a/lib/pleroma/web/endpoint.ex b/lib/pleroma/web/endpoint.ex index 955bd61f3..6673ab576 100644 --- a/lib/pleroma/web/endpoint.ex +++ b/lib/pleroma/web/endpoint.ex @@ -56,6 +56,7 @@ defmodule Pleroma.Web.Endpoint do extra: "SameSite=Strict" ) + plug(CORSPlug) plug(Pleroma.Web.Router) @doc """ -- cgit v1.2.3 From 3e50bb667f7b09482a6635634346708e9eab5ce6 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Fri, 2 Nov 2018 15:13:57 +0100 Subject: =?UTF-8?q?Pleroma.Web.MastodonAPI.StatusView:=20Content=20isn?= =?UTF-8?q?=E2=80=99t=20nullable?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lib/pleroma/web/mastodon_api/views/status_view.ex | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/views/status_view.ex b/lib/pleroma/web/mastodon_api/views/status_view.ex index 27fe23594..2d9a915f0 100644 --- a/lib/pleroma/web/mastodon_api/views/status_view.ex +++ b/lib/pleroma/web/mastodon_api/views/status_view.ex @@ -61,7 +61,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do in_reply_to_id: nil, in_reply_to_account_id: nil, reblog: reblogged, - content: reblogged[:content], + content: reblogged[:content] || "", created_at: created_at, reblogs_count: 0, replies_count: 0, @@ -230,7 +230,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do if !!name and name != "" do "

#{name}

#{object["content"]}" else - object["content"] + object["content"] || "" end content @@ -243,11 +243,11 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do if !!summary and summary != "" and is_bitstring(object["url"]) do "

#{summary}

#{object["content"]}" else - object["content"] + object["content"] || "" end content end - def render_content(object), do: object["content"] + def render_content(object), do: object["content"] || "" end -- cgit v1.2.3 From 763fc7b44fb5931f1a2f869d4c67a5ca9a0b5206 Mon Sep 17 00:00:00 2001 From: href Date: Mon, 5 Nov 2018 13:24:00 +0100 Subject: Runtime configured emojis The changes are a bit heavy since the emojis were loaded into module attributes from filesystem. This introduces a GenServer using an ETS table to cache in memory the emojis, and allows a runtime-reload with `Pleroma.Emoji.reload()`. --- lib/pleroma/application.ex | 9 +- lib/pleroma/emoji.ex | 193 +++++++++++++++++++++ lib/pleroma/formatter.ex | 126 +------------- .../web/mastodon_api/mastodon_api_controller.ex | 2 +- .../web/twitter_api/controllers/util_controller.ex | 4 +- 5 files changed, 206 insertions(+), 128 deletions(-) create mode 100644 lib/pleroma/emoji.ex (limited to 'lib') diff --git a/lib/pleroma/application.ex b/lib/pleroma/application.ex index f30fcd1e4..607a0144c 100644 --- a/lib/pleroma/application.ex +++ b/lib/pleroma/application.ex @@ -13,8 +13,7 @@ defmodule Pleroma.Application do worker(Pleroma.Config, [Application.get_all_env(:pleroma)]), # Start the Ecto repository supervisor(Pleroma.Repo, []), - # Start the endpoint when the application starts - supervisor(Pleroma.Web.Endpoint, []), + worker(Pleroma.Emoji, []), # Start your own worker by calling: Pleroma.Worker.start_link(arg1, arg2, arg3) # worker(Pleroma.Worker, [arg1, arg2, arg3]), worker( @@ -57,8 +56,10 @@ defmodule Pleroma.Application do id: :cachex_idem ), worker(Pleroma.Web.Federator, []), - worker(Pleroma.Gopher.Server, []), - worker(Pleroma.Stats, []) + worker(Pleroma.Stats, []), + # Start the endpoint when the application starts + supervisor(Pleroma.Web.Endpoint, []), + worker(Pleroma.Gopher.Server, []) ] ++ if Mix.env() == :test, do: [], diff --git a/lib/pleroma/emoji.ex b/lib/pleroma/emoji.ex new file mode 100644 index 000000000..cc9713b53 --- /dev/null +++ b/lib/pleroma/emoji.ex @@ -0,0 +1,193 @@ +defmodule Pleroma.Emoji do + @moduledoc """ + The emojis are loaded from: + + * the built-in Finmojis (if enabled in configuration), + * the files: `config/emoji.txt` and `config/custom_emoji.txt` + * glob paths + + This GenServer stores in an ETS table the list of the loaded emojis, and also allows to reload the list at runtime. + """ + use GenServer + @ets __MODULE__.Ets + @ets_options [:set, :protected, :named_table, {:read_concurrency, true}] + + @doc false + def start_link() do + GenServer.start_link(__MODULE__, [], name: __MODULE__) + end + + @doc "Reloads the emojis from disk." + @spec reload() :: :ok + def reload() do + GenServer.call(__MODULE__, :reload) + end + + @doc "Returns the path of the emoji `name`." + @spec get(String.t()) :: String.t() | nil + def get(name) do + case :ets.lookup(@ets, name) do + [{_, path}] -> path + _ -> nil + end + end + + @doc "Returns all the emojos!!" + @spec get_all() :: [{String.t(), String.t()}, ...] + def get_all() do + :ets.tab2list(@ets) + end + + @doc false + def init(_) do + @ets = :ets.new(@ets, @ets_options) + {:ok, nil, {:continue, :reload}} + end + + @doc false + def handle_continue(:reload, state) do + load() + {:noreply, state} + end + + @doc false + def handle_call(:reload, _from, state) do + load() + {:reply, :ok, state} + end + + @doc false + def terminate(_, _) do + :ok + end + + @doc false + def code_change(_old_vsn, state, _extra) do + load() + {:ok, state} + end + + defp load() do + emojis = + (load_finmoji(Keyword.get(Application.get_env(:pleroma, :instance), :finmoji_enabled)) ++ + load_from_file("config/emoji.txt") ++ + load_from_file("config/custom_emoji.txt") ++ + load_from_globs( + Keyword.get(Application.get_env(:pleroma, :emoji, []), :shortcode_globs, []) + )) + |> Enum.reject(fn value -> value == nil end) + + true = :ets.insert(@ets, emojis) + :ok + end + + @finmoji [ + "a_trusted_friend", + "alandislands", + "association", + "auroraborealis", + "baby_in_a_box", + "bear", + "black_gold", + "christmasparty", + "crosscountryskiing", + "cupofcoffee", + "education", + "fashionista_finns", + "finnishlove", + "flag", + "forest", + "four_seasons_of_bbq", + "girlpower", + "handshake", + "happiness", + "headbanger", + "icebreaker", + "iceman", + "joulutorttu", + "kaamos", + "kalsarikannit_f", + "kalsarikannit_m", + "karjalanpiirakka", + "kicksled", + "kokko", + "lavatanssit", + "losthopes_f", + "losthopes_m", + "mattinykanen", + "meanwhileinfinland", + "moominmamma", + "nordicfamily", + "out_of_office", + "peacemaker", + "perkele", + "pesapallo", + "polarbear", + "pusa_hispida_saimensis", + "reindeer", + "sami", + "sauna_f", + "sauna_m", + "sauna_whisk", + "sisu", + "stuck", + "suomimainittu", + "superfood", + "swan", + "the_cap", + "the_conductor", + "the_king", + "the_voice", + "theoriginalsanta", + "tomoffinland", + "torillatavataan", + "unbreakable", + "waiting", + "white_nights", + "woollysocks" + ] + defp load_finmoji(true) do + Enum.map(@finmoji, fn finmoji -> + {finmoji, "/finmoji/128px/#{finmoji}-128.png"} + end) + end + + defp load_finmoji(_), do: :ok + + defp load_from_file(file) do + if File.exists?(file) do + load_from_file_stream(File.stream!(file)) + else + [] + end + end + + defp load_from_file_stream(stream) do + stream + |> Stream.map(&String.strip/1) + |> Stream.map(fn line -> + case String.split(line, ~r/,\s*/) do + [name, file] -> {name, file} + _ -> nil + end + end) + |> Enum.to_list() + end + + defp load_from_globs(globs) do + static_path = Path.join(:code.priv_dir(:pleroma), "static") + + paths = + Enum.map(globs, fn glob -> + Path.join(static_path, glob) + |> Path.wildcard() + end) + |> Enum.concat() + + Enum.map(paths, fn path -> + shortcode = Path.basename(path, Path.extname(path)) + external_path = Path.join("/", Path.relative_to(path, static_path)) + {shortcode, external_path} + end) + end +end diff --git a/lib/pleroma/formatter.ex b/lib/pleroma/formatter.ex index ecc102b62..dd971df9b 100644 --- a/lib/pleroma/formatter.ex +++ b/lib/pleroma/formatter.ex @@ -2,6 +2,7 @@ defmodule Pleroma.Formatter do alias Pleroma.User alias Pleroma.Web.MediaProxy alias Pleroma.HTML + alias Pleroma.Emoji @tag_regex ~r/\#\w+/u def parse_tags(text, data \\ %{}) do @@ -28,125 +29,12 @@ defmodule Pleroma.Formatter do |> Enum.filter(fn {_match, user} -> user end) end - @finmoji [ - "a_trusted_friend", - "alandislands", - "association", - "auroraborealis", - "baby_in_a_box", - "bear", - "black_gold", - "christmasparty", - "crosscountryskiing", - "cupofcoffee", - "education", - "fashionista_finns", - "finnishlove", - "flag", - "forest", - "four_seasons_of_bbq", - "girlpower", - "handshake", - "happiness", - "headbanger", - "icebreaker", - "iceman", - "joulutorttu", - "kaamos", - "kalsarikannit_f", - "kalsarikannit_m", - "karjalanpiirakka", - "kicksled", - "kokko", - "lavatanssit", - "losthopes_f", - "losthopes_m", - "mattinykanen", - "meanwhileinfinland", - "moominmamma", - "nordicfamily", - "out_of_office", - "peacemaker", - "perkele", - "pesapallo", - "polarbear", - "pusa_hispida_saimensis", - "reindeer", - "sami", - "sauna_f", - "sauna_m", - "sauna_whisk", - "sisu", - "stuck", - "suomimainittu", - "superfood", - "swan", - "the_cap", - "the_conductor", - "the_king", - "the_voice", - "theoriginalsanta", - "tomoffinland", - "torillatavataan", - "unbreakable", - "waiting", - "white_nights", - "woollysocks" - ] - @instance Application.get_env(:pleroma, :instance) - @finmoji_with_filenames (if Keyword.get(@instance, :finmoji_enabled) do - Enum.map(@finmoji, fn finmoji -> - {finmoji, "/finmoji/128px/#{finmoji}-128.png"} - end) - else - [] - end) - - @emoji_from_file (with {:ok, default} <- File.read("config/emoji.txt") do - custom = - with {:ok, custom} <- File.read("config/custom_emoji.txt") do - custom - else - _e -> "" - end - - (default <> "\n" <> custom) - |> String.trim() - |> String.split(~r/\n+/) - |> Enum.map(fn line -> - [name, file] = String.split(line, ~r/,\s*/) - {name, file} - end) - else - _ -> [] - end) - - @emoji_from_globs ( - static_path = Path.join(:code.priv_dir(:pleroma), "static") - - globs = - Application.get_env(:pleroma, :emoji, []) - |> Keyword.get(:shortcode_globs, []) - - paths = - Enum.map(globs, fn glob -> - Path.join(static_path, glob) - |> Path.wildcard() - end) - |> Enum.concat() - - Enum.map(paths, fn path -> - shortcode = Path.basename(path, Path.extname(path)) - external_path = Path.join("/", Path.relative_to(path, static_path)) - {shortcode, external_path} - end) - ) - - @emoji @finmoji_with_filenames ++ @emoji_from_globs ++ @emoji_from_file + def emojify(text) do + emojify(text, Emoji.get_all()) + end - def emojify(text, emoji \\ @emoji) def emojify(text, nil), do: text def emojify(text, emoji) do @@ -166,15 +54,11 @@ defmodule Pleroma.Formatter do end def get_emoji(text) when is_binary(text) do - Enum.filter(@emoji, fn {emoji, _} -> String.contains?(text, ":#{emoji}:") end) + Enum.filter(Emoji.get_all(), fn {emoji, _} -> String.contains?(text, ":#{emoji}:") end) end def get_emoji(_), do: [] - def get_custom_emoji() do - @emoji - end - @link_regex ~r/[0-9a-z+\-\.]+:[0-9a-z$-_.+!*'(),]+/ui @uri_schemes Application.get_env(:pleroma, :uri_schemes, []) diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index f6cf081fd..e92114f57 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -158,7 +158,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end defp mastodonized_emoji do - Pleroma.Formatter.get_custom_emoji() + Pleroma.Emoji.get_all() |> Enum.map(fn {shortcode, relative_url} -> url = to_string(URI.merge(Web.base_url(), relative_url)) diff --git a/lib/pleroma/web/twitter_api/controllers/util_controller.ex b/lib/pleroma/web/twitter_api/controllers/util_controller.ex index 01cd17121..e84438e97 100644 --- a/lib/pleroma/web/twitter_api/controllers/util_controller.ex +++ b/lib/pleroma/web/twitter_api/controllers/util_controller.ex @@ -6,7 +6,7 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do alias Pleroma.Web.WebFinger alias Pleroma.Web.CommonAPI alias Comeonin.Pbkdf2 - alias Pleroma.Formatter + alias Pleroma.{Formatter, Emoji} alias Pleroma.Web.ActivityPub.ActivityPub alias Pleroma.{Repo, PasswordResetToken, User} @@ -212,7 +212,7 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do end def emoji(conn, _params) do - json(conn, Enum.into(Formatter.get_custom_emoji(), %{})) + json(conn, Enum.into(Emoji.get_all(), %{})) end def follow_import(conn, %{"list" => %Plug.Upload{} = listfile}) do -- cgit v1.2.3 From d096bc17bf75b756f6c95250660c940419d01f41 Mon Sep 17 00:00:00 2001 From: href Date: Mon, 5 Nov 2018 14:05:04 +0100 Subject: revert endpoint position in supervision tree --- lib/pleroma/application.ex | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/application.ex b/lib/pleroma/application.ex index 607a0144c..d4bc8f63d 100644 --- a/lib/pleroma/application.ex +++ b/lib/pleroma/application.ex @@ -14,6 +14,8 @@ defmodule Pleroma.Application do # Start the Ecto repository supervisor(Pleroma.Repo, []), worker(Pleroma.Emoji, []), + # Start the endpoint when the application starts + supervisor(Pleroma.Web.Endpoint, []), # Start your own worker by calling: Pleroma.Worker.start_link(arg1, arg2, arg3) # worker(Pleroma.Worker, [arg1, arg2, arg3]), worker( @@ -57,8 +59,6 @@ defmodule Pleroma.Application do ), worker(Pleroma.Web.Federator, []), worker(Pleroma.Stats, []), - # Start the endpoint when the application starts - supervisor(Pleroma.Web.Endpoint, []), worker(Pleroma.Gopher.Server, []) ] ++ if Mix.env() == :test, -- cgit v1.2.3 From 6fe23c54581437fbaa42d880b57b3464bb439ce4 Mon Sep 17 00:00:00 2001 From: href Date: Mon, 5 Nov 2018 15:19:03 +0100 Subject: Runtime configured router --- lib/pleroma/plugs/federating_plug.ex | 18 +++++++ .../web/activity_pub/activity_pub_controller.ex | 1 + lib/pleroma/web/nodeinfo/nodeinfo_controller.ex | 2 + lib/pleroma/web/ostatus/ostatus_controller.ex | 1 + lib/pleroma/web/router.ex | 57 +++++++++------------- .../web/twitter_api/twitter_api_controller.ex | 12 +++++ .../web/web_finger/web_finger_controller.ex | 2 + lib/pleroma/web/websub/websub_controller.ex | 9 ++++ 8 files changed, 67 insertions(+), 35 deletions(-) create mode 100644 lib/pleroma/plugs/federating_plug.ex (limited to 'lib') diff --git a/lib/pleroma/plugs/federating_plug.ex b/lib/pleroma/plugs/federating_plug.ex new file mode 100644 index 000000000..4108d90af --- /dev/null +++ b/lib/pleroma/plugs/federating_plug.ex @@ -0,0 +1,18 @@ +defmodule Pleroma.Web.FederatingPlug do + import Plug.Conn + + def init(options) do + options + end + + def call(conn, opts) do + if Keyword.get(Application.get_env(:pleroma, :instance), :federating) do + conn + else + conn + |> put_status(404) + |> Phoenix.Controller.render(Pleroma.Web.ErrorView, "404.json") + |> halt() + end + end +end diff --git a/lib/pleroma/web/activity_pub/activity_pub_controller.ex b/lib/pleroma/web/activity_pub/activity_pub_controller.ex index 531e98237..99342aad9 100644 --- a/lib/pleroma/web/activity_pub/activity_pub_controller.ex +++ b/lib/pleroma/web/activity_pub/activity_pub_controller.ex @@ -12,6 +12,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do action_fallback(:errors) + plug(Pleroma.Web.FederatingPlug when action in [:inbox, :relay]) plug(:relay_active? when action in [:relay]) def relay_active?(conn, _) do diff --git a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex index 5446179cb..d58f08881 100644 --- a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex +++ b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex @@ -6,6 +6,8 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do alias Pleroma.{User, Repo} alias Pleroma.Web.ActivityPub.MRF + plug(Pleroma.Web.FederatingPlug) + def schemas(conn, _params) do response = %{ links: [ diff --git a/lib/pleroma/web/ostatus/ostatus_controller.ex b/lib/pleroma/web/ostatus/ostatus_controller.ex index 09d1b1110..2f92935e7 100644 --- a/lib/pleroma/web/ostatus/ostatus_controller.ex +++ b/lib/pleroma/web/ostatus/ostatus_controller.ex @@ -10,6 +10,7 @@ defmodule Pleroma.Web.OStatus.OStatusController do alias Pleroma.Web.ActivityPub.ActivityPubController alias Pleroma.Web.ActivityPub.ActivityPub + plug(Pleroma.Web.FederatingPlug when action in [:salmon_incoming]) action_fallback(:errors) def feed_redirect(conn, %{"nickname" => nickname}) do diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 7b7affe5e..b461def82 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -3,11 +3,6 @@ defmodule Pleroma.Web.Router do alias Pleroma.{Repo, User, Web.Router} - @instance Application.get_env(:pleroma, :instance) - @federating Keyword.get(@instance, :federating) - @public Keyword.get(@instance, :public) - @registrations_open Keyword.get(@instance, :registrations_open) - pipeline :api do plug(:accepts, ["json"]) plug(:fetch_session) @@ -242,11 +237,7 @@ defmodule Pleroma.Web.Router do end scope "/api", Pleroma.Web do - if @public do - pipe_through(:api) - else - pipe_through(:authenticated_api) - end + pipe_through(:api) get("/statuses/public_timeline", TwitterAPI.Controller, :public_timeline) @@ -330,12 +321,10 @@ defmodule Pleroma.Web.Router do get("/users/:nickname/feed", OStatus.OStatusController, :feed) get("/users/:nickname", OStatus.OStatusController, :feed_redirect) - if @federating do - post("/users/:nickname/salmon", OStatus.OStatusController, :salmon_incoming) - post("/push/hub/:nickname", Websub.WebsubController, :websub_subscription_request) - get("/push/subscriptions/:id", Websub.WebsubController, :websub_subscription_confirmation) - post("/push/subscriptions/:id", Websub.WebsubController, :websub_incoming) - end + post("/users/:nickname/salmon", OStatus.OStatusController, :salmon_incoming) + post("/push/hub/:nickname", Websub.WebsubController, :websub_subscription_request) + get("/push/subscriptions/:id", Websub.WebsubController, :websub_subscription_confirmation) + post("/push/subscriptions/:id", Websub.WebsubController, :websub_incoming) end pipeline :activitypub do @@ -352,29 +341,27 @@ defmodule Pleroma.Web.Router do get("/users/:nickname/outbox", ActivityPubController, :outbox) end - if @federating do - scope "/relay", Pleroma.Web.ActivityPub do - pipe_through(:ap_relay) - get("/", ActivityPubController, :relay) - end + scope "/relay", Pleroma.Web.ActivityPub do + pipe_through(:ap_relay) + get("/", ActivityPubController, :relay) + end - scope "/", Pleroma.Web.ActivityPub do - pipe_through(:activitypub) - post("/users/:nickname/inbox", ActivityPubController, :inbox) - post("/inbox", ActivityPubController, :inbox) - end + scope "/", Pleroma.Web.ActivityPub do + pipe_through(:activitypub) + post("/users/:nickname/inbox", ActivityPubController, :inbox) + post("/inbox", ActivityPubController, :inbox) + end - scope "/.well-known", Pleroma.Web do - pipe_through(:well_known) + scope "/.well-known", Pleroma.Web do + pipe_through(:well_known) - get("/host-meta", WebFinger.WebFingerController, :host_meta) - get("/webfinger", WebFinger.WebFingerController, :webfinger) - get("/nodeinfo", Nodeinfo.NodeinfoController, :schemas) - end + get("/host-meta", WebFinger.WebFingerController, :host_meta) + get("/webfinger", WebFinger.WebFingerController, :webfinger) + get("/nodeinfo", Nodeinfo.NodeinfoController, :schemas) + end - scope "/nodeinfo", Pleroma.Web do - get("/:version", Nodeinfo.NodeinfoController, :nodeinfo) - end + scope "/nodeinfo", Pleroma.Web do + get("/:version", Nodeinfo.NodeinfoController, :nodeinfo) end scope "/", Pleroma.Web.MastodonAPI do diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index 7153a2bd6..3054a8106 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -11,6 +11,7 @@ defmodule Pleroma.Web.TwitterAPI.Controller do require Logger + plug(:only_if_public_instance when action in [:public_timeline, :public_and_external_timeline]) action_fallback(:errors) def verify_credentials(%{assigns: %{user: user}} = conn, _params) do @@ -518,6 +519,17 @@ defmodule Pleroma.Web.TwitterAPI.Controller do json_reply(conn, 403, json) end + def only_if_public_instance(conn = %{conn: %{assigns: %{user: _user}}}, _), do: conn + + def only_if_public_instance(conn, _) do + if Keyword.get(Application.get_env(:pleroma, :instance), :public) do + conn + else + conn + |> forbidden_json_reply("Invalid credentials.") + end + end + defp error_json(conn, error_message) do %{"error" => error_message, "request" => conn.request_path} |> Jason.encode!() end diff --git a/lib/pleroma/web/web_finger/web_finger_controller.ex b/lib/pleroma/web/web_finger/web_finger_controller.ex index 50d816256..002353166 100644 --- a/lib/pleroma/web/web_finger/web_finger_controller.ex +++ b/lib/pleroma/web/web_finger/web_finger_controller.ex @@ -3,6 +3,8 @@ defmodule Pleroma.Web.WebFinger.WebFingerController do alias Pleroma.Web.WebFinger + plug(Pleroma.Web.FederatingPlug) + def host_meta(conn, _params) do xml = WebFinger.host_meta() diff --git a/lib/pleroma/web/websub/websub_controller.ex b/lib/pleroma/web/websub/websub_controller.ex index 590dd74a1..c1934ba92 100644 --- a/lib/pleroma/web/websub/websub_controller.ex +++ b/lib/pleroma/web/websub/websub_controller.ex @@ -5,6 +5,15 @@ defmodule Pleroma.Web.Websub.WebsubController do alias Pleroma.Web.Websub.WebsubClientSubscription require Logger + plug( + Pleroma.Web.FederatingPlug + when action in [ + :websub_subscription_request, + :websub_subscription_confirmation, + :websub_incoming + ] + ) + def websub_subscription_request(conn, %{"nickname" => nickname} = params) do user = User.get_cached_by_nickname(nickname) -- cgit v1.2.3 From fd0e7d18d96fb242088d8c6bb7ea5e1eb7053ce8 Mon Sep 17 00:00:00 2001 From: href Date: Mon, 5 Nov 2018 18:04:43 +0100 Subject: handle_continue is OTP21+ --- lib/pleroma/emoji.ex | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/emoji.ex b/lib/pleroma/emoji.ex index cc9713b53..7da1a2438 100644 --- a/lib/pleroma/emoji.ex +++ b/lib/pleroma/emoji.ex @@ -41,11 +41,12 @@ defmodule Pleroma.Emoji do @doc false def init(_) do @ets = :ets.new(@ets, @ets_options) - {:ok, nil, {:continue, :reload}} + GenServer.cast(self(), :reload) + {:ok, nil} end @doc false - def handle_continue(:reload, state) do + def handle_cast(:reload, state) do load() {:noreply, state} end -- cgit v1.2.3 From 83911b1443c99d3f8c6784a57d8327a22c05e606 Mon Sep 17 00:00:00 2001 From: href Date: Mon, 5 Nov 2018 21:16:56 +0100 Subject: Fix wrong return when finmoji is disabled --- lib/pleroma/emoji.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/emoji.ex b/lib/pleroma/emoji.ex index 7da1a2438..0a5e1d5ce 100644 --- a/lib/pleroma/emoji.ex +++ b/lib/pleroma/emoji.ex @@ -153,7 +153,7 @@ defmodule Pleroma.Emoji do end) end - defp load_finmoji(_), do: :ok + defp load_finmoji(_), do: [] defp load_from_file(file) do if File.exists?(file) do -- cgit v1.2.3 From 013f7ba8c1c4e6519cf30d192e3a41c6c96f8a63 Mon Sep 17 00:00:00 2001 From: href Date: Tue, 6 Nov 2018 14:44:00 +0100 Subject: Add federating plug & public tests --- lib/pleroma/web/twitter_api/twitter_api_controller.ex | 1 + 1 file changed, 1 insertion(+) (limited to 'lib') diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index 3054a8106..83d725f13 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -527,6 +527,7 @@ defmodule Pleroma.Web.TwitterAPI.Controller do else conn |> forbidden_json_reply("Invalid credentials.") + |> halt() end end -- cgit v1.2.3 From 2bc924ba451b1a324663133632093914192cec2d Mon Sep 17 00:00:00 2001 From: href Date: Tue, 6 Nov 2018 11:34:34 +0100 Subject: Get rid of Pleroma.Config in favor of Application Discussed in https://git.pleroma.social/pleroma/pleroma/merge_requests/426#note_7232 --- lib/pleroma/application.ex | 1 - lib/pleroma/config.ex | 15 --------------- lib/pleroma/web/activity_pub/activity_pub_controller.ex | 3 +-- lib/pleroma/web/federator/federator.ex | 3 +-- 4 files changed, 2 insertions(+), 20 deletions(-) delete mode 100644 lib/pleroma/config.ex (limited to 'lib') diff --git a/lib/pleroma/application.ex b/lib/pleroma/application.ex index d4bc8f63d..eedad7675 100644 --- a/lib/pleroma/application.ex +++ b/lib/pleroma/application.ex @@ -10,7 +10,6 @@ defmodule Pleroma.Application do # Define workers and child supervisors to be supervised children = [ - worker(Pleroma.Config, [Application.get_all_env(:pleroma)]), # Start the Ecto repository supervisor(Pleroma.Repo, []), worker(Pleroma.Emoji, []), diff --git a/lib/pleroma/config.ex b/lib/pleroma/config.ex deleted file mode 100644 index 510d8d498..000000000 --- a/lib/pleroma/config.ex +++ /dev/null @@ -1,15 +0,0 @@ -defmodule Pleroma.Config do - use Agent - - def start_link(initial) do - Agent.start_link(fn -> initial end, name: __MODULE__) - end - - def get(path) do - Agent.get(__MODULE__, Kernel, :get_in, [path]) - end - - def put(path, value) do - Agent.update(__MODULE__, Kernel, :put_in, [path, value]) - end -end diff --git a/lib/pleroma/web/activity_pub/activity_pub_controller.ex b/lib/pleroma/web/activity_pub/activity_pub_controller.ex index 531e98237..47937beef 100644 --- a/lib/pleroma/web/activity_pub/activity_pub_controller.ex +++ b/lib/pleroma/web/activity_pub/activity_pub_controller.ex @@ -6,7 +6,6 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do alias Pleroma.Web.ActivityPub.Relay alias Pleroma.Web.ActivityPub.Utils alias Pleroma.Web.Federator - alias Pleroma.Config require Logger @@ -15,7 +14,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do plug(:relay_active? when action in [:relay]) def relay_active?(conn, _) do - if Config.get([:instance, :allow_relay]) do + if Keyword.get(Application.get_env(:pleroma, :instance), :allow_relay) do conn else conn diff --git a/lib/pleroma/web/federator/federator.ex b/lib/pleroma/web/federator/federator.ex index 9ea2507a1..01c2c89c3 100644 --- a/lib/pleroma/web/federator/federator.ex +++ b/lib/pleroma/web/federator/federator.ex @@ -7,7 +7,6 @@ defmodule Pleroma.Web.Federator do alias Pleroma.Web.ActivityPub.Relay alias Pleroma.Web.ActivityPub.Transmogrifier alias Pleroma.Web.ActivityPub.Utils - alias Pleroma.Config require Logger @websub Application.get_env(:pleroma, :websub) @@ -72,7 +71,7 @@ defmodule Pleroma.Web.Federator do Logger.info(fn -> "Sending #{activity.data["id"]} out via Salmon" end) Pleroma.Web.Salmon.publish(actor, activity) - if Config.get([:instance, :allow_relay]) do + if Keyword.get(Application.get_env(:pleroma, :instance), :allow_relay) do Logger.info(fn -> "Relaying #{activity.data["id"]} out" end) Relay.publish(activity) end -- cgit v1.2.3 From 4f640c43edc237f4450cc0d42896b5e0a7b4a324 Mon Sep 17 00:00:00 2001 From: lain Date: Tue, 6 Nov 2018 15:19:11 +0100 Subject: Unify Mastodon Login with OAuth login. This removes duplication in the login code. --- .../web/mastodon_api/mastodon_api_controller.ex | 41 ++++++++++-------- lib/pleroma/web/oauth/oauth_controller.ex | 48 +++++++++++++--------- .../templates/mastodon_api/mastodon/login.html.eex | 11 ----- 3 files changed, 52 insertions(+), 48 deletions(-) delete mode 100644 lib/pleroma/web/templates/mastodon_api/mastodon/login.html.eex (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index e92114f57..51a7ec2b2 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -985,9 +985,30 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end end + def login(conn, %{"code" => code}) do + with {:ok, app} <- get_or_make_app(), + %Authorization{} = auth <- Repo.get_by(Authorization, token: code, app_id: app.id), + {:ok, token} <- Token.exchange_token(app, auth) do + + conn + |> put_session(:oauth_token, token.token) + |> redirect(to: "/web/getting-started") + end + end + def login(conn, _) do - conn - |> render(MastodonView, "login.html", %{error: false}) + with {:ok, app} <- get_or_make_app() do + path = + o_auth_path(conn, :authorize, + response_type: "code", + client_id: app.client_id, + redirect_uri: ".", + scope: app.scopes + ) + + conn + |> redirect(to: path) + end end defp get_or_make_app() do @@ -1006,22 +1027,6 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end end - def login_post(conn, %{"authorization" => %{"name" => name, "password" => password}}) do - with %User{} = user <- User.get_by_nickname_or_email(name), - true <- Pbkdf2.checkpw(password, user.password_hash), - {:ok, app} <- get_or_make_app(), - {:ok, auth} <- Authorization.create_authorization(app, user), - {:ok, token} <- Token.exchange_token(app, auth) do - conn - |> put_session(:oauth_token, token.token) - |> redirect(to: "/web/getting-started") - else - _e -> - conn - |> render(MastodonView, "login.html", %{error: "Wrong username or password"}) - end - end - def logout(conn, _) do conn |> clear_session diff --git a/lib/pleroma/web/oauth/oauth_controller.ex b/lib/pleroma/web/oauth/oauth_controller.ex index 5441ee0a8..35c158fbb 100644 --- a/lib/pleroma/web/oauth/oauth_controller.ex +++ b/lib/pleroma/web/oauth/oauth_controller.ex @@ -33,25 +33,35 @@ defmodule Pleroma.Web.OAuth.OAuthController do true <- Pbkdf2.checkpw(password, user.password_hash), %App{} = app <- Repo.get_by(App, client_id: client_id), {:ok, auth} <- Authorization.create_authorization(app, user) do - if redirect_uri == "urn:ietf:wg:oauth:2.0:oob" do - render(conn, "results.html", %{ - auth: auth - }) - else - connector = if String.contains?(redirect_uri, "?"), do: "&", else: "?" - url = "#{redirect_uri}#{connector}" - url_params = %{:code => auth.token} - - url_params = - if params["state"] do - Map.put(url_params, :state, params["state"]) - else - url_params - end - - url = "#{url}#{Plug.Conn.Query.encode(url_params)}" - - redirect(conn, external: url) + # Special case: Local MastodonFE. + redirect_uri = + if redirect_uri == "." do + mastodon_api_url(conn, :login) + else + redirect_uri + end + + cond do + redirect_uri == "urn:ietf:wg:oauth:2.0:oob" -> + render(conn, "results.html", %{ + auth: auth + }) + + true -> + connector = if String.contains?(redirect_uri, "?"), do: "&", else: "?" + url = "#{redirect_uri}#{connector}" + url_params = %{:code => auth.token} + + url_params = + if params["state"] do + Map.put(url_params, :state, params["state"]) + else + url_params + end + + url = "#{url}#{Plug.Conn.Query.encode(url_params)}" + + redirect(conn, external: url) end end end diff --git a/lib/pleroma/web/templates/mastodon_api/mastodon/login.html.eex b/lib/pleroma/web/templates/mastodon_api/mastodon/login.html.eex deleted file mode 100644 index 34cd7ed89..000000000 --- a/lib/pleroma/web/templates/mastodon_api/mastodon/login.html.eex +++ /dev/null @@ -1,11 +0,0 @@ -

Login to Mastodon Frontend

-<%= if @error do %> -

<%= @error %>

-<% end %> -<%= form_for @conn, mastodon_api_path(@conn, :login), [as: "authorization"], fn f -> %> -<%= text_input f, :name, placeholder: "Username or email" %> -
-<%= password_input f, :password, placeholder: "Password" %> -
-<%= submit "Log in" %> -<% end %> -- cgit v1.2.3 From 7d328c658da69ec236d10fa89d23f2a6886b3205 Mon Sep 17 00:00:00 2001 From: href Date: Tue, 6 Nov 2018 16:00:48 +0100 Subject: Small wrapper module around Application.get_env/put_env Same API as the old Pleroma.Config --- lib/pleroma/config.ex | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 lib/pleroma/config.ex (limited to 'lib') diff --git a/lib/pleroma/config.ex b/lib/pleroma/config.ex new file mode 100644 index 000000000..fc5338591 --- /dev/null +++ b/lib/pleroma/config.ex @@ -0,0 +1,26 @@ +defmodule Pleroma.Config do + def get([key]), do: get(key) + + def get([parent_key | keys]) do + Application.get_env(:pleroma, parent_key) + |> get_in(keys) + end + + def get(key) do + Application.get_env(:pleroma, key) + end + + def put([key], value), do: put(key, value) + + def put([parent_key | keys], value) do + parent = + Application.get_env(:pleroma, parent_key) + |> put_in(keys, value) + + Application.put_env(:pleroma, parent_key, parent) + end + + def put(key, value) do + Application.put_env(:pleroma, key, value) + end +end -- cgit v1.2.3 From a8f1e30cb81fe17866e3ee33f5b3558dd5b33764 Mon Sep 17 00:00:00 2001 From: lain Date: Tue, 6 Nov 2018 16:05:58 +0100 Subject: Formatting. --- lib/pleroma/web/mastodon_api/mastodon_api_controller.ex | 1 - 1 file changed, 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index 51a7ec2b2..5cb007740 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -989,7 +989,6 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do with {:ok, app} <- get_or_make_app(), %Authorization{} = auth <- Repo.get_by(Authorization, token: code, app_id: app.id), {:ok, token} <- Token.exchange_token(app, auth) do - conn |> put_session(:oauth_token, token.token) |> redirect(to: "/web/getting-started") -- cgit v1.2.3 From 5bb88fd1749931e755157760ec833c5d50ebb8c8 Mon Sep 17 00:00:00 2001 From: href Date: Tue, 6 Nov 2018 19:34:57 +0100 Subject: Runtime configuration Related to #85 Everything should now be configured at runtime, with the exception of the `Pleroma.HTML` scrubbers (the scrubbers used can be changed at runtime, but their configuration is compile-time) because it's building a module with a macro. --- lib/pleroma/config.ex | 26 +++++-- lib/pleroma/formatter.ex | 2 - lib/pleroma/gopher/server.ex | 15 ++-- lib/pleroma/html.ex | 4 +- lib/pleroma/upload.ex | 13 ++-- lib/pleroma/uploaders/swift/keystone.ex | 11 ++- lib/pleroma/uploaders/swift/swift.ex | 6 +- lib/pleroma/web/activity_pub/activity_pub.ex | 6 +- .../web/activity_pub/mrf/normalize_markup.ex | 4 +- .../web/activity_pub/mrf/reject_non_public.ex | 10 +-- lib/pleroma/web/activity_pub/mrf/simple_policy.ex | 85 +++++++++++++--------- lib/pleroma/web/activity_pub/transmogrifier.ex | 7 +- lib/pleroma/web/common_api/common_api.ex | 16 ++-- lib/pleroma/web/federator/federator.ex | 4 +- .../web/mastodon_api/mastodon_api_controller.ex | 47 ++++++------ .../web/twitter_api/controllers/util_controller.ex | 55 +++++++------- lib/pleroma/web/twitter_api/twitter_api.ex | 23 +++--- 17 files changed, 172 insertions(+), 162 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/config.ex b/lib/pleroma/config.ex index fc5338591..15f771b6e 100644 --- a/lib/pleroma/config.ex +++ b/lib/pleroma/config.ex @@ -1,13 +1,29 @@ defmodule Pleroma.Config do - def get([key]), do: get(key) + defmodule Error do + defexception [:message] + end + + def get(key), do: get(key, nil) + + def get([key], default), do: get(key, default) - def get([parent_key | keys]) do + def get([parent_key | keys], default) do Application.get_env(:pleroma, parent_key) - |> get_in(keys) + |> get_in(keys) || default end - def get(key) do - Application.get_env(:pleroma, key) + def get(key, default) do + Application.get_env(:pleroma, key, default) + end + + def get!(key) do + value = get(key, nil) + + if value == nil do + raise(Error, message: "Missing configuration value: #{inspect(key)}") + else + value + end end def put([key], value), do: put(key, value) diff --git a/lib/pleroma/formatter.ex b/lib/pleroma/formatter.ex index dd971df9b..26bb17377 100644 --- a/lib/pleroma/formatter.ex +++ b/lib/pleroma/formatter.ex @@ -29,8 +29,6 @@ defmodule Pleroma.Formatter do |> Enum.filter(fn {_match, user} -> user end) end - @instance Application.get_env(:pleroma, :instance) - def emojify(text) do emojify(text, Emoji.get_all()) end diff --git a/lib/pleroma/gopher/server.ex b/lib/pleroma/gopher/server.ex index d34037f4f..e6361a82c 100644 --- a/lib/pleroma/gopher/server.ex +++ b/lib/pleroma/gopher/server.ex @@ -1,16 +1,16 @@ defmodule Pleroma.Gopher.Server do use GenServer require Logger - @gopher Application.get_env(:pleroma, :gopher) def start_link() do - ip = Keyword.get(@gopher, :ip, {0, 0, 0, 0}) - port = Keyword.get(@gopher, :port, 1234) + config = Pleroma.Config.get(:gopher, []) + ip = Keyword.get(config, :ip, {0, 0, 0, 0}) + port = Keyword.get(config, :port, 1234) GenServer.start_link(__MODULE__, [ip, port], []) end def init([ip, port]) do - if Keyword.get(@gopher, :enabled, false) do + if Pleroma.Config.get([:gopher, :enabled], false) do Logger.info("Starting gopher server on #{port}") :ranch.start_listener( @@ -37,9 +37,6 @@ defmodule Pleroma.Gopher.Server.ProtocolHandler do alias Pleroma.Repo alias Pleroma.HTML - @instance Application.get_env(:pleroma, :instance) - @gopher Application.get_env(:pleroma, :gopher) - def start_link(ref, socket, transport, opts) do pid = spawn_link(__MODULE__, :init, [ref, socket, transport, opts]) {:ok, pid} @@ -62,7 +59,7 @@ defmodule Pleroma.Gopher.Server.ProtocolHandler do def link(name, selector, type \\ 1) do address = Pleroma.Web.Endpoint.host() - port = Keyword.get(@gopher, :port, 1234) + port = Pleroma.Config.get([:gopher, :port], 1234) "#{type}#{name}\t#{selector}\t#{address}\t#{port}\r\n" end @@ -85,7 +82,7 @@ defmodule Pleroma.Gopher.Server.ProtocolHandler do end def response("") do - info("Welcome to #{Keyword.get(@instance, :name, "Pleroma")}!") <> + info("Welcome to #{Pleroma.Config.get([:instance, :name], "Pleroma")}!") <> link("Public Timeline", "/main/public") <> link("Federated Timeline", "/main/all") <> ".\r\n" end diff --git a/lib/pleroma/html.ex b/lib/pleroma/html.ex index 00b26963d..1b920d7fd 100644 --- a/lib/pleroma/html.ex +++ b/lib/pleroma/html.ex @@ -1,14 +1,12 @@ defmodule Pleroma.HTML do alias HtmlSanitizeEx.Scrubber - @markup Application.get_env(:pleroma, :markup) - defp get_scrubbers(scrubber) when is_atom(scrubber), do: [scrubber] defp get_scrubbers(scrubbers) when is_list(scrubbers), do: scrubbers defp get_scrubbers(_), do: [Pleroma.HTML.Scrubber.Default] def get_scrubbers() do - Keyword.get(@markup, :scrub_policy) + Pleroma.Config.get([:markup, :scrub_policy]) |> get_scrubbers end diff --git a/lib/pleroma/upload.ex b/lib/pleroma/upload.ex index 2293ff54e..89aa779f9 100644 --- a/lib/pleroma/upload.ex +++ b/lib/pleroma/upload.ex @@ -1,9 +1,6 @@ defmodule Pleroma.Upload do alias Ecto.UUID - @storage_backend Application.get_env(:pleroma, Pleroma.Upload) - |> Keyword.fetch!(:uploader) - def check_file_size(path, nil), do: true def check_file_size(path, size_limit) do @@ -21,8 +18,7 @@ defmodule Pleroma.Upload do true <- check_file_size(file.path, size_limit) do strip_exif_data(content_type, file.path) - {:ok, url_path} = - @storage_backend.put_file(name, uuid, file.path, content_type, should_dedupe) + {:ok, url_path} = uploader().put_file(name, uuid, file.path, content_type, should_dedupe) %{ "type" => "Document", @@ -57,8 +53,7 @@ defmodule Pleroma.Upload do content_type ) - {:ok, url_path} = - @storage_backend.put_file(name, uuid, tmp_path, content_type, should_dedupe) + {:ok, url_path} = uploader().put_file(name, uuid, tmp_path, content_type, should_dedupe) %{ "type" => "Image", @@ -182,4 +177,8 @@ defmodule Pleroma.Upload do _e -> "application/octet-stream" end end + + defp uploader() do + Pleroma.Config.get!([Pleroma.Upload, :uploader]) + end end diff --git a/lib/pleroma/uploaders/swift/keystone.ex b/lib/pleroma/uploaders/swift/keystone.ex index a79214319..e578b3c61 100644 --- a/lib/pleroma/uploaders/swift/keystone.ex +++ b/lib/pleroma/uploaders/swift/keystone.ex @@ -1,11 +1,9 @@ defmodule Pleroma.Uploaders.Swift.Keystone do use HTTPoison.Base - @settings Application.get_env(:pleroma, Pleroma.Uploaders.Swift) - def process_url(url) do Enum.join( - [Keyword.fetch!(@settings, :auth_url), url], + [Pleroma.Config.get!([Pleroma.Uploaders.Swift, :auth_url]), url], "/" ) end @@ -16,9 +14,10 @@ defmodule Pleroma.Uploaders.Swift.Keystone do end def get_token() do - username = Keyword.fetch!(@settings, :username) - password = Keyword.fetch!(@settings, :password) - tenant_id = Keyword.fetch!(@settings, :tenant_id) + settings = Pleroma.Config.get(Pleroma.Uploaders.Swift) + username = Keyword.fetch!(settings, :username) + password = Keyword.fetch!(settings, :password) + tenant_id = Keyword.fetch!(settings, :tenant_id) case post( "/tokens", diff --git a/lib/pleroma/uploaders/swift/swift.ex b/lib/pleroma/uploaders/swift/swift.ex index 819dfebda..fa08ca966 100644 --- a/lib/pleroma/uploaders/swift/swift.ex +++ b/lib/pleroma/uploaders/swift/swift.ex @@ -1,17 +1,15 @@ defmodule Pleroma.Uploaders.Swift.Client do use HTTPoison.Base - @settings Application.get_env(:pleroma, Pleroma.Uploaders.Swift) - def process_url(url) do Enum.join( - [Keyword.fetch!(@settings, :storage_url), url], + [Pleroma.Config.get!([Pleroma.Uploaders.Swift, :storage_url]), url], "/" ) end def upload_file(filename, body, content_type) do - object_url = Keyword.fetch!(@settings, :object_url) + object_url = Pleroma.Config.get!([Pleroma.Uploaders.Swift, :object_url]) token = Pleroma.Uploaders.Swift.Keystone.get_token() case put("#{filename}", body, "X-Auth-Token": token, "Content-Type": content_type) do diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 32c14995f..c6733e487 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -10,8 +10,6 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do @httpoison Application.get_env(:pleroma, :httpoison) - @instance Application.get_env(:pleroma, :instance) - # For Announce activities, we filter the recipients based on following status for any actors # that match actual users. See issue #164 for more information about why this is necessary. defp get_recipients(%{"type" => "Announce"} = data) do @@ -659,14 +657,12 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do end end - @quarantined_instances Keyword.get(@instance, :quarantined_instances, []) - def should_federate?(inbox, public) do if public do true else inbox_info = URI.parse(inbox) - inbox_info.host not in @quarantined_instances + !Enum.member?(Pleroma.Config.get([:instance, :quarantined_instances], []), inbox_info.host) end end diff --git a/lib/pleroma/web/activity_pub/mrf/normalize_markup.ex b/lib/pleroma/web/activity_pub/mrf/normalize_markup.ex index b4f91f3cc..c53cb1ad2 100644 --- a/lib/pleroma/web/activity_pub/mrf/normalize_markup.ex +++ b/lib/pleroma/web/activity_pub/mrf/normalize_markup.ex @@ -3,10 +3,8 @@ defmodule Pleroma.Web.ActivityPub.MRF.NormalizeMarkup do @behaviour Pleroma.Web.ActivityPub.MRF - @mrf_normalize_markup Application.get_env(:pleroma, :mrf_normalize_markup) - def filter(%{"type" => activity_type} = object) when activity_type == "Create" do - scrub_policy = Keyword.get(@mrf_normalize_markup, :scrub_policy) + scrub_policy = Pleroma.Config.get([:mrf_normalize_markup, :scrub_policy]) child = object["object"] diff --git a/lib/pleroma/web/activity_pub/mrf/reject_non_public.ex b/lib/pleroma/web/activity_pub/mrf/reject_non_public.ex index 129d04617..627284083 100644 --- a/lib/pleroma/web/activity_pub/mrf/reject_non_public.ex +++ b/lib/pleroma/web/activity_pub/mrf/reject_non_public.ex @@ -2,10 +2,6 @@ defmodule Pleroma.Web.ActivityPub.MRF.RejectNonPublic do alias Pleroma.User @behaviour Pleroma.Web.ActivityPub.MRF - @mrf_rejectnonpublic Application.get_env(:pleroma, :mrf_rejectnonpublic) - @allow_followersonly Keyword.get(@mrf_rejectnonpublic, :allow_followersonly) - @allow_direct Keyword.get(@mrf_rejectnonpublic, :allow_direct) - @impl true def filter(%{"type" => "Create"} = object) do user = User.get_cached_by_ap_id(object["actor"]) @@ -20,6 +16,8 @@ defmodule Pleroma.Web.ActivityPub.MRF.RejectNonPublic do true -> "direct" end + policy = Pleroma.Config.get(:mrf_rejectnonpublic) + case visibility do "public" -> {:ok, object} @@ -28,14 +26,14 @@ defmodule Pleroma.Web.ActivityPub.MRF.RejectNonPublic do {:ok, object} "followers" -> - with true <- @allow_followersonly do + with true <- Keyword.get(policy, :allow_followersonly) do {:ok, object} else _e -> {:reject, nil} end "direct" -> - with true <- @allow_direct do + with true <- Keyword.get(policy, :allow_direct) do {:ok, object} else _e -> {:reject, nil} diff --git a/lib/pleroma/web/activity_pub/mrf/simple_policy.ex b/lib/pleroma/web/activity_pub/mrf/simple_policy.ex index 319721d48..341b5bce3 100644 --- a/lib/pleroma/web/activity_pub/mrf/simple_policy.ex +++ b/lib/pleroma/web/activity_pub/mrf/simple_policy.ex @@ -2,60 +2,75 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicy do alias Pleroma.User @behaviour Pleroma.Web.ActivityPub.MRF - @mrf_policy Application.get_env(:pleroma, :mrf_simple) + defp check_accept(%{host: actor_host} = _actor_info, object) do + accepts = Pleroma.Config.get([:mrf_simple, :accept]) - @accept Keyword.get(@mrf_policy, :accept) - defp check_accept(%{host: actor_host} = actor_info, object) - when length(@accept) > 0 and not (actor_host in @accept) do - {:reject, nil} + cond do + accepts == [] -> {:ok, object} + Enum.member?(accepts, actor_host) -> {:ok, object} + true -> {:reject, nil} + end end - defp check_accept(actor_info, object), do: {:ok, object} - - @reject Keyword.get(@mrf_policy, :reject) - defp check_reject(%{host: actor_host} = actor_info, object) when actor_host in @reject do - {:reject, nil} + defp check_reject(%{host: actor_host} = _actor_info, object) do + if Enum.member?(Pleroma.Config.get([:mrf_simple, :reject]), actor_host) do + {:reject, nil} + else + {:ok, object} + end end - defp check_reject(actor_info, object), do: {:ok, object} + defp check_media_removal( + %{host: actor_host} = _actor_info, + %{"type" => "Create", "object" => %{"attachement" => child_attachement}} = object + ) + when length(child_attachement) > 0 do + object = + if Enum.member?(Pleroma.Config.get([:mrf_simple, :media_removal]), actor_host) do + child_object = Map.delete(object["object"], "attachment") + Map.put(object, "object", child_object) + else + object + end - @media_removal Keyword.get(@mrf_policy, :media_removal) - defp check_media_removal(%{host: actor_host} = actor_info, %{"type" => "Create"} = object) - when actor_host in @media_removal do - child_object = Map.delete(object["object"], "attachment") - object = Map.put(object, "object", child_object) {:ok, object} end - defp check_media_removal(actor_info, object), do: {:ok, object} + defp check_media_removal(_actor_info, object), do: {:ok, object} - @media_nsfw Keyword.get(@mrf_policy, :media_nsfw) defp check_media_nsfw( - %{host: actor_host} = actor_info, + %{host: actor_host} = _actor_info, %{ "type" => "Create", "object" => %{"attachment" => child_attachment} = child_object } = object ) - when actor_host in @media_nsfw and length(child_attachment) > 0 do - tags = (child_object["tag"] || []) ++ ["nsfw"] - child_object = Map.put(child_object, "tags", tags) - child_object = Map.put(child_object, "sensitive", true) - object = Map.put(object, "object", child_object) + when length(child_attachment) > 0 do + object = + if Enum.member?(Pleroma.Config.get([:mrf_simple, :media_nsfw]), actor_host) do + tags = (child_object["tag"] || []) ++ ["nsfw"] + child_object = Map.put(child_object, "tags", tags) + child_object = Map.put(child_object, "sensitive", true) + Map.put(object, "object", child_object) + else + object + end + {:ok, object} end - defp check_media_nsfw(actor_info, object), do: {:ok, object} - - @ftl_removal Keyword.get(@mrf_policy, :federated_timeline_removal) - defp check_ftl_removal(%{host: actor_host} = actor_info, object) - when actor_host in @ftl_removal do - user = User.get_by_ap_id(object["actor"]) + defp check_media_nsfw(_actor_info, object), do: {:ok, object} - # flip to/cc relationship to make the post unlisted + defp check_ftl_removal(%{host: actor_host} = _actor_info, object) do object = - if "https://www.w3.org/ns/activitystreams#Public" in object["to"] and - user.follower_address in object["cc"] do + with true <- + Enum.member?( + Pleroma.Config.get([:mrf_simple, :federated_timeline_removal]), + actor_host + ), + user <- User.get_by_ap_id(object["actor"]), + true <- "https://www.w3.org/ns/activitystreams#Public" in object["to"], + true <- user.follower_address in object["cc"] do to = List.delete(object["to"], "https://www.w3.org/ns/activitystreams#Public") ++ [user.follower_address] @@ -68,14 +83,12 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicy do |> Map.put("to", to) |> Map.put("cc", cc) else - object + _ -> object end {:ok, object} end - defp check_ftl_removal(actor_info, object), do: {:ok, object} - @impl true def filter(object) do actor_info = URI.parse(object["actor"]) diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index 5bc151b97..d72f4a39a 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -506,9 +506,6 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do end end - @ap_config Application.get_env(:pleroma, :activitypub) - @accept_blocks Keyword.get(@ap_config, :accept_blocks) - def handle_incoming( %{ "type" => "Undo", @@ -517,7 +514,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do "id" => id } = _data ) do - with true <- @accept_blocks, + with true <- Pleroma.Config.get([:activitypub, :accept_blocks]), %User{local: true} = blocked <- User.get_cached_by_ap_id(blocked), %User{} = blocker <- User.get_or_fetch_by_ap_id(blocker), {:ok, activity} <- ActivityPub.unblock(blocker, blocked, id, false) do @@ -531,7 +528,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do def handle_incoming( %{"type" => "Block", "object" => blocked, "actor" => blocker, "id" => id} = data ) do - with true <- @accept_blocks, + with true <- Pleroma.Config.get([:activitypub, :accept_blocks]), %User{local: true} = blocked = User.get_cached_by_ap_id(blocked), %User{} = blocker = User.get_or_fetch_by_ap_id(blocker), {:ok, activity} <- ActivityPub.block(blocker, blocked, id, false) do diff --git a/lib/pleroma/web/common_api/common_api.ex b/lib/pleroma/web/common_api/common_api.ex index 8f47bb127..77e4dbbd7 100644 --- a/lib/pleroma/web/common_api/common_api.ex +++ b/lib/pleroma/web/common_api/common_api.ex @@ -70,15 +70,17 @@ defmodule Pleroma.Web.CommonAPI do def get_visibility(_), do: "public" - @instance Application.get_env(:pleroma, :instance) - @allowed_post_formats Keyword.get(@instance, :allowed_post_formats) - - defp get_content_type(content_type) when content_type in @allowed_post_formats, do: content_type - defp get_content_type(_), do: "text/plain" + defp get_content_type(content_type) do + if Enum.member?(Pleroma.Config.get([:instance, :allowed_post_formats]), content_type) do + content_type + else + "text/plain" + end + end - @limit Keyword.get(@instance, :limit) def post(user, %{"status" => status} = data) do visibility = get_visibility(data) + limit = Pleroma.Config.get([:instance, :limit]) with status <- String.trim(status), attachments <- attachments_from_ids(data["media_ids"]), @@ -98,7 +100,7 @@ defmodule Pleroma.Web.CommonAPI do context <- make_context(inReplyTo), cw <- data["spoiler_text"], full_payload <- String.trim(status <> (data["spoiler_text"] || "")), - length when length in 1..@limit <- String.length(full_payload), + length when length in 1..limit <- String.length(full_payload), object <- make_note_data( user.ap_id, diff --git a/lib/pleroma/web/federator/federator.ex b/lib/pleroma/web/federator/federator.ex index 01c2c89c3..6071d08e4 100644 --- a/lib/pleroma/web/federator/federator.ex +++ b/lib/pleroma/web/federator/federator.ex @@ -12,8 +12,6 @@ defmodule Pleroma.Web.Federator do @websub Application.get_env(:pleroma, :websub) @ostatus Application.get_env(:pleroma, :ostatus) @httpoison Application.get_env(:pleroma, :httpoison) - @instance Application.get_env(:pleroma, :instance) - @federating Keyword.get(@instance, :federating) @max_jobs 20 def init(args) do @@ -147,7 +145,7 @@ defmodule Pleroma.Web.Federator do end def enqueue(type, payload, priority \\ 1) do - if @federating do + if Pleroma.Config.get([:instance, :federating]) do if Mix.env() == :test do handle(type, payload) else diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index e92114f57..0e7d12c20 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -132,22 +132,23 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end end - @instance Application.get_env(:pleroma, :instance) @mastodon_api_level "2.5.0" def masto_instance(conn, _params) do + instance = Pleroma.Config.get(:instance) + response = %{ uri: Web.base_url(), - title: Keyword.get(@instance, :name), - description: Keyword.get(@instance, :description), - version: "#{@mastodon_api_level} (compatible; #{Keyword.get(@instance, :version)})", - email: Keyword.get(@instance, :email), + title: Keyword.get(instance, :name), + description: Keyword.get(instance, :description), + version: "#{@mastodon_api_level} (compatible; #{Keyword.get(instance, :version)})", + email: Keyword.get(instance, :email), urls: %{ streaming_api: String.replace(Pleroma.Web.Endpoint.static_url(), "http", "ws") }, stats: Stats.get_stats(), thumbnail: Web.base_url() <> "/instance/thumbnail.jpeg", - max_toot_chars: Keyword.get(@instance, :limit) + max_toot_chars: Keyword.get(instance, :limit) } json(conn, response) @@ -581,15 +582,16 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end end - @activitypub Application.get_env(:pleroma, :activitypub) - @follow_handshake_timeout Keyword.get(@activitypub, :follow_handshake_timeout) - def follow(%{assigns: %{user: follower}} = conn, %{"id" => id}) do with %User{} = followed <- Repo.get(User, id), {:ok, follower} <- User.maybe_direct_follow(follower, followed), {:ok, _activity} <- ActivityPub.follow(follower, followed), {:ok, follower, followed} <- - User.wait_and_refresh(@follow_handshake_timeout, follower, followed) do + User.wait_and_refresh( + Pleroma.Config.get([:activitypub, :follow_handshake_timeout]), + follower, + followed + ) do render(conn, AccountView, "relationship.json", %{user: follower, target: followed}) else {:error, message} -> @@ -880,6 +882,8 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do if user && token do mastodon_emoji = mastodonized_emoji() + limit = Pleroma.Config.get([:instance, :limit]) + accounts = Map.put(%{}, user.id, AccountView.render("account.json", %{user: user, for: user})) @@ -899,7 +903,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do auto_play_gif: false, display_sensitive_media: false, reduce_motion: false, - max_toot_chars: Keyword.get(@instance, :limit) + max_toot_chars: limit }, rights: %{ delete_others_notice: !!user.info["is_moderator"] @@ -959,7 +963,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do push_subscription: nil, accounts: accounts, custom_emojis: mastodon_emoji, - char_limit: Keyword.get(@instance, :limit) + char_limit: limit } |> Jason.encode!() @@ -1165,18 +1169,15 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do |> json("Something went wrong") end - @suggestions Application.get_env(:pleroma, :suggestions) - def suggestions(%{assigns: %{user: user}} = conn, _) do - if Keyword.get(@suggestions, :enabled, false) do - api = Keyword.get(@suggestions, :third_party_engine, "") - timeout = Keyword.get(@suggestions, :timeout, 5000) - limit = Keyword.get(@suggestions, :limit, 23) - - host = - Application.get_env(:pleroma, Pleroma.Web.Endpoint) - |> Keyword.get(:url) - |> Keyword.get(:host) + suggestions = Pleroma.Config.get(:suggestions) + + if Keyword.get(suggestions, :enabled, false) do + api = Keyword.get(suggestions, :third_party_engine, "") + timeout = Keyword.get(suggestions, :timeout, 5000) + limit = Keyword.get(suggestions, :limit, 23) + + host = Pleroma.Config.get([Pleroma.Web.Endpoint, :url, :host]) user = user.nickname url = String.replace(api, "{{host}}", host) |> String.replace("{{user}}", user) diff --git a/lib/pleroma/web/twitter_api/controllers/util_controller.ex b/lib/pleroma/web/twitter_api/controllers/util_controller.ex index e84438e97..dc4a864d6 100644 --- a/lib/pleroma/web/twitter_api/controllers/util_controller.ex +++ b/lib/pleroma/web/twitter_api/controllers/util_controller.ex @@ -134,19 +134,20 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do end end - @instance Application.get_env(:pleroma, :instance) - @instance_fe Application.get_env(:pleroma, :fe) - @instance_chat Application.get_env(:pleroma, :chat) def config(conn, _params) do + instance = Pleroma.Config.get(:instance) + instance_fe = Pleroma.Config.get(:fe) + instance_chat = Pleroma.Config.get(:chat) + case get_format(conn) do "xml" -> response = """ - #{Keyword.get(@instance, :name)} + #{Keyword.get(instance, :name)} #{Web.base_url()} - #{Keyword.get(@instance, :limit)} - #{!Keyword.get(@instance, :registrations_open)} + #{Keyword.get(instance, :limit)} + #{!Keyword.get(instance, :registrations_open)} """ @@ -157,32 +158,32 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do _ -> data = %{ - name: Keyword.get(@instance, :name), - description: Keyword.get(@instance, :description), + name: Keyword.get(instance, :name), + description: Keyword.get(instance, :description), server: Web.base_url(), - textlimit: to_string(Keyword.get(@instance, :limit)), - closed: if(Keyword.get(@instance, :registrations_open), do: "0", else: "1"), - private: if(Keyword.get(@instance, :public, true), do: "0", else: "1") + textlimit: to_string(Keyword.get(instance, :limit)), + closed: if(Keyword.get(instance, :registrations_open), do: "0", else: "1"), + private: if(Keyword.get(instance, :public, true), do: "0", else: "1") } pleroma_fe = %{ - theme: Keyword.get(@instance_fe, :theme), - background: Keyword.get(@instance_fe, :background), - logo: Keyword.get(@instance_fe, :logo), - logoMask: Keyword.get(@instance_fe, :logo_mask), - logoMargin: Keyword.get(@instance_fe, :logo_margin), - redirectRootNoLogin: Keyword.get(@instance_fe, :redirect_root_no_login), - redirectRootLogin: Keyword.get(@instance_fe, :redirect_root_login), - chatDisabled: !Keyword.get(@instance_chat, :enabled), - showInstanceSpecificPanel: Keyword.get(@instance_fe, :show_instance_panel), - scopeOptionsEnabled: Keyword.get(@instance_fe, :scope_options_enabled), - formattingOptionsEnabled: Keyword.get(@instance_fe, :formatting_options_enabled), - collapseMessageWithSubject: Keyword.get(@instance_fe, :collapse_message_with_subject), - hidePostStats: Keyword.get(@instance_fe, :hide_post_stats), - hideUserStats: Keyword.get(@instance_fe, :hide_user_stats) + theme: Keyword.get(instance_fe, :theme), + background: Keyword.get(instance_fe, :background), + logo: Keyword.get(instance_fe, :logo), + logoMask: Keyword.get(instance_fe, :logo_mask), + logoMargin: Keyword.get(instance_fe, :logo_margin), + redirectRootNoLogin: Keyword.get(instance_fe, :redirect_root_no_login), + redirectRootLogin: Keyword.get(instance_fe, :redirect_root_login), + chatDisabled: !Keyword.get(instance_chat, :enabled), + showInstanceSpecificPanel: Keyword.get(instance_fe, :show_instance_panel), + scopeOptionsEnabled: Keyword.get(instance_fe, :scope_options_enabled), + formattingOptionsEnabled: Keyword.get(instance_fe, :formatting_options_enabled), + collapseMessageWithSubject: Keyword.get(instance_fe, :collapse_message_with_subject), + hidePostStats: Keyword.get(instance_fe, :hide_post_stats), + hideUserStats: Keyword.get(instance_fe, :hide_user_stats) } - managed_config = Keyword.get(@instance, :managed_config) + managed_config = Keyword.get(instance, :managed_config) data = if managed_config do @@ -196,7 +197,7 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do end def version(conn, _params) do - version = Keyword.get(@instance, :version) + version = Pleroma.Config.get([:instance, :version]) case get_format(conn) do "xml" -> diff --git a/lib/pleroma/web/twitter_api/twitter_api.ex b/lib/pleroma/web/twitter_api/twitter_api.ex index cb483df9d..5bfb83b1e 100644 --- a/lib/pleroma/web/twitter_api/twitter_api.ex +++ b/lib/pleroma/web/twitter_api/twitter_api.ex @@ -6,9 +6,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do alias Pleroma.Web.MediaProxy import Ecto.Query - @instance Application.get_env(:pleroma, :instance) @httpoison Application.get_env(:pleroma, :httpoison) - @registrations_open Keyword.get(@instance, :registrations_open) def create_status(%User{} = user, %{"status" => _} = data) do CommonAPI.post(user, data) @@ -21,15 +19,16 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do end end - @activitypub Application.get_env(:pleroma, :activitypub) - @follow_handshake_timeout Keyword.get(@activitypub, :follow_handshake_timeout) - def follow(%User{} = follower, params) do with {:ok, %User{} = followed} <- get_user(params), {:ok, follower} <- User.maybe_direct_follow(follower, followed), {:ok, activity} <- ActivityPub.follow(follower, followed), {:ok, follower, followed} <- - User.wait_and_refresh(@follow_handshake_timeout, follower, followed) do + User.wait_and_refresh( + Pleroma.Config.get([:activitypub, :follow_handshake_timeout]), + follower, + followed + ) do {:ok, follower, followed, activity} else err -> err @@ -139,18 +138,20 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do password_confirmation: params["confirm"] } + registrations_open = Pleroma.Config.get([:instance, :registrations_open]) + # no need to query DB if registration is open token = - unless @registrations_open || is_nil(tokenString) do + unless registrations_open || is_nil(tokenString) do Repo.get_by(UserInviteToken, %{token: tokenString}) end cond do - @registrations_open || (!is_nil(token) && !token.used) -> + registrations_open || (!is_nil(token) && !token.used) -> changeset = User.register_changeset(%User{}, params) with {:ok, user} <- Repo.insert(changeset) do - !@registrations_open && UserInviteToken.mark_as_used(token.token) + !registrations_open && UserInviteToken.mark_as_used(token.token) {:ok, user} else {:error, changeset} -> @@ -161,10 +162,10 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do {:error, %{error: errors}} end - !@registrations_open && is_nil(token) -> + !registrations_open && is_nil(token) -> {:error, "Invalid token"} - !@registrations_open && token.used -> + !registrations_open && token.used -> {:error, "Expired token"} end end -- cgit v1.2.3 From f16c2e0b1b524fa9fc6a3733dd47e1d82f199fc7 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Tue, 6 Nov 2018 22:50:43 +0000 Subject: notification: add Notification.set_read_up_to() --- lib/pleroma/notification.ex | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/notification.ex b/lib/pleroma/notification.ex index e0dcd9823..75d7461e4 100644 --- a/lib/pleroma/notification.ex +++ b/lib/pleroma/notification.ex @@ -42,6 +42,20 @@ defmodule Pleroma.Notification do Repo.all(query) end + def set_read_up_to(%{id: user_id} = _user, id) do + query = + from( + n in Notification, + where: n.user_id == ^user_id, + where: n.id <= ^id, + update: [ + set: [seen: true] + ] + ) + + Repo.update_all(query, []) + end + def get(%{id: user_id} = _user, id) do query = from( -- cgit v1.2.3 From b2105a31316d371733a75322bbf60868700f037d Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Tue, 6 Nov 2018 23:07:13 +0000 Subject: twitterapi: add notification read endpoint --- lib/pleroma/web/router.ex | 4 ++++ lib/pleroma/web/twitter_api/twitter_api_controller.ex | 13 +++++++++++++ 2 files changed, 17 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index b461def82..06d0f0623 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -272,6 +272,10 @@ defmodule Pleroma.Web.Router do get("/statuses/mentions_timeline", TwitterAPI.Controller, :mentions_timeline) get("/qvitter/statuses/notifications", TwitterAPI.Controller, :notifications) + # XXX: this is really a pleroma API, but we want to keep the pleroma namespace clean + # for now. + post("/qvitter/statuses/notifications/read", TwitterAPI.Controller, :notifications_read) + post("/statuses/update", TwitterAPI.Controller, :status_update) post("/statuses/retweet/:id", TwitterAPI.Controller, :retweet) post("/statuses/unretweet/:id", TwitterAPI.Controller, :unretweet) diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index 83d725f13..727469a66 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -133,6 +133,19 @@ defmodule Pleroma.Web.TwitterAPI.Controller do |> render(NotificationView, "notification.json", %{notifications: notifications, for: user}) end + def notifications_read(%{assigns: %{user: user}} = conn, %{"latest_id" => latest_id} = params) do + Notification.set_read_up_to(user, latest_id) + + notifications = Notification.for_user(user, params) + + conn + |> render(NotificationView, "notification.json", %{notifications: notifications, for: user}) + end + + def notifications_read(%{assigns: %{user: user}} = conn, _) do + bad_request_reply(conn, "You need to specify latest_id") + end + def follow(%{assigns: %{user: user}} = conn, params) do case TwitterAPI.follow(user, params) do {:ok, user, followed, _activity} -> -- cgit v1.2.3 From 9070588493bc896e909e05374ff64fb3f893ec53 Mon Sep 17 00:00:00 2001 From: href Date: Wed, 7 Nov 2018 10:40:24 +0100 Subject: Runtime config: MRF changes --- lib/pleroma/web/activity_pub/mrf/simple_policy.ex | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/mrf/simple_policy.ex b/lib/pleroma/web/activity_pub/mrf/simple_policy.ex index 341b5bce3..86dcf5080 100644 --- a/lib/pleroma/web/activity_pub/mrf/simple_policy.ex +++ b/lib/pleroma/web/activity_pub/mrf/simple_policy.ex @@ -7,6 +7,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicy do cond do accepts == [] -> {:ok, object} + actor_host == Pleroma.Config.get([Pleroma.Web.Endpoint, :url, :host]) -> {:ok, object} Enum.member?(accepts, actor_host) -> {:ok, object} true -> {:reject, nil} end @@ -22,9 +23,9 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicy do defp check_media_removal( %{host: actor_host} = _actor_info, - %{"type" => "Create", "object" => %{"attachement" => child_attachement}} = object + %{"type" => "Create", "object" => %{"attachement" => child_attachment}} = object ) - when length(child_attachement) > 0 do + when length(child_attachment) > 0 do object = if Enum.member?(Pleroma.Config.get([:mrf_simple, :media_removal]), actor_host) do child_object = Map.delete(object["object"], "attachment") @@ -68,7 +69,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicy do Pleroma.Config.get([:mrf_simple, :federated_timeline_removal]), actor_host ), - user <- User.get_by_ap_id(object["actor"]), + user <- User.get_cached_by_ap_id(object["actor"]), true <- "https://www.w3.org/ns/activitystreams#Public" in object["to"], true <- user.follower_address in object["cc"] do to = -- cgit v1.2.3 From e42f2efae45923739b537cf35f3875578b181d37 Mon Sep 17 00:00:00 2001 From: href Date: Wed, 7 Nov 2018 16:27:07 +0100 Subject: /api/v1/accounts/relationships Return an empty array if no id in params This copies Mastodon API behaviour & fixes Mastalab app. --- lib/pleroma/web/mastodon_api/mastodon_api_controller.ex | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index 5cb007740..af4cf2b71 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -443,6 +443,12 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do render(conn, AccountView, "relationships.json", %{user: user, targets: targets}) end + # Instead of returning a 400 when no "id" params is present, Mastodon returns an empty array. + def relationships(%{assigns: %{user: user}} = conn, _) do + conn + |> json([]) + end + def update_media(%{assigns: %{user: _}} = conn, data) do with %Object{} = object <- Repo.get(Object, data["id"]), true <- is_binary(data["description"]), -- cgit v1.2.3 From 3b02fd9fb7a834771c0582bf5a113f04ec2d46e0 Mon Sep 17 00:00:00 2001 From: lain Date: Thu, 8 Nov 2018 16:05:28 +0100 Subject: Small refactor. --- lib/pleroma/web/activity_pub/views/object_view.ex | 18 +----------------- 1 file changed, 1 insertion(+), 17 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/views/object_view.ex b/lib/pleroma/web/activity_pub/views/object_view.ex index cc0b0556b..df734a871 100644 --- a/lib/pleroma/web/activity_pub/views/object_view.ex +++ b/lib/pleroma/web/activity_pub/views/object_view.ex @@ -3,23 +3,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectView do alias Pleroma.Web.ActivityPub.Transmogrifier def render("object.json", %{object: object}) do - base = %{ - "@context" => [ - "https://www.w3.org/ns/activitystreams", - "https://w3id.org/security/v1", - %{ - "manuallyApprovesFollowers" => "as:manuallyApprovesFollowers", - "sensitive" => "as:sensitive", - "Hashtag" => "as:Hashtag", - "ostatus" => "http://ostatus.org#", - "atomUri" => "ostatus:atomUri", - "inReplyToAtomUri" => "ostatus:inReplyToAtomUri", - "conversation" => "ostatus:conversation", - "toot" => "http://joinmastodon.org/ns#", - "Emoji" => "toot:Emoji" - } - ] - } + base = Pleroma.Web.ActivityPub.Utils.make_json_ld_header() additional = Transmogrifier.prepare_object(object.data) Map.merge(base, additional) -- cgit v1.2.3 From 34bd411781c598386f35397eb0affe124390c066 Mon Sep 17 00:00:00 2001 From: lain Date: Thu, 8 Nov 2018 16:39:38 +0100 Subject: Unify json ld header handling. --- lib/pleroma/web/activity_pub/transmogrifier.ex | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index 5bc151b97..db6823f2c 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -607,7 +607,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do data = data |> Map.put("object", object) - |> Map.put("@context", "https://www.w3.org/ns/activitystreams") + |> Map.merge(Utils.make_json_ld_header()) {:ok, data} end @@ -626,7 +626,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do data = data |> Map.put("object", object) - |> Map.put("@context", "https://www.w3.org/ns/activitystreams") + |> Map.merge(Utils.make_json_ld_header()) {:ok, data} end @@ -644,7 +644,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do data = data |> Map.put("object", object) - |> Map.put("@context", "https://www.w3.org/ns/activitystreams") + |> Map.merge(Utils.make_json_ld_header()) {:ok, data} end @@ -654,7 +654,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do data = data |> maybe_fix_object_url - |> Map.put("@context", "https://www.w3.org/ns/activitystreams") + |> Map.merge(Utils.make_json_ld_header()) {:ok, data} end -- cgit v1.2.3 From f733470037761723887386c7878b4f1d23dca304 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Thu, 8 Nov 2018 16:51:48 +0000 Subject: user view: unify a @context entry that was missed --- lib/pleroma/web/activity_pub/views/user_view.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/views/user_view.ex b/lib/pleroma/web/activity_pub/views/user_view.ex index 16419e1b7..eb335813d 100644 --- a/lib/pleroma/web/activity_pub/views/user_view.ex +++ b/lib/pleroma/web/activity_pub/views/user_view.ex @@ -17,7 +17,6 @@ defmodule Pleroma.Web.ActivityPub.UserView do public_key = :public_key.pem_encode([public_key]) %{ - "@context" => "https://www.w3.org/ns/activitystreams", "id" => user.ap_id, "type" => "Application", "following" => "#{user.ap_id}/following", @@ -36,6 +35,7 @@ defmodule Pleroma.Web.ActivityPub.UserView do "sharedInbox" => "#{Pleroma.Web.Endpoint.url()}/inbox" } } + |> Map.merge(Utils.make_json_ld_header()) end def render("user.json", %{user: user}) do -- cgit v1.2.3 From da16ada4240d2ba48f3972aedad26314a3ce4e49 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Thu, 8 Nov 2018 16:52:14 +0000 Subject: utils: use litepub @context instead of that huge mess --- lib/pleroma/web/activity_pub/utils.ex | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/utils.ex b/lib/pleroma/web/activity_pub/utils.ex index 3362d9325..d81c824f0 100644 --- a/lib/pleroma/web/activity_pub/utils.ex +++ b/lib/pleroma/web/activity_pub/utils.ex @@ -70,18 +70,7 @@ defmodule Pleroma.Web.ActivityPub.Utils do %{ "@context" => [ "https://www.w3.org/ns/activitystreams", - "https://w3id.org/security/v1", - %{ - "manuallyApprovesFollowers" => "as:manuallyApprovesFollowers", - "sensitive" => "as:sensitive", - "Hashtag" => "as:Hashtag", - "ostatus" => "http://ostatus.org#", - "atomUri" => "ostatus:atomUri", - "inReplyToAtomUri" => "ostatus:inReplyToAtomUri", - "conversation" => "ostatus:conversation", - "toot" => "http://joinmastodon.org/ns#", - "Emoji" => "toot:Emoji" - } + "https://litepub.github.io/litepub/context.jsonld" ] } end -- cgit v1.2.3 From abcacec97d1002e92696c8c7f69b05130420b18f Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Thu, 8 Nov 2018 19:38:38 +0100 Subject: Pleroma.Web.ActivityPub.Utils: Use locally-served JSON-LD Litepub context instead of Github-hosted one --- lib/pleroma/web/activity_pub/utils.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/utils.ex b/lib/pleroma/web/activity_pub/utils.ex index d81c824f0..174906537 100644 --- a/lib/pleroma/web/activity_pub/utils.ex +++ b/lib/pleroma/web/activity_pub/utils.ex @@ -70,7 +70,7 @@ defmodule Pleroma.Web.ActivityPub.Utils do %{ "@context" => [ "https://www.w3.org/ns/activitystreams", - "https://litepub.github.io/litepub/context.jsonld" + "#{Web.base_url()}/litepub-1.0.jsonld" ] } end -- cgit v1.2.3 From 144dc048b8c5f71b41f9f14b6cc4315de4dca707 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Thu, 8 Nov 2018 18:55:50 +0000 Subject: user: only consider `to` recipients as mention targets --- lib/pleroma/user.ex | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index b2f59ab6b..0d11101a3 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -472,7 +472,7 @@ defmodule Pleroma.User do ) end - def get_notified_from_activity(%Activity{recipients: to, data: %{"type" => "Announce"} = data}) do + def get_notified_from_activity(%Activity{data: %{"type" => "Announce", "to" => to} = data}) do object = Object.normalize(data["object"]) actor = User.get_cached_by_ap_id(data["actor"]) @@ -490,12 +490,14 @@ defmodule Pleroma.User do Repo.all(query) end - def get_notified_from_activity(%Activity{recipients: to}) do + def get_notified_from_activity(%Activity{data: %{"to" => to}}) do query = get_notified_from_activity_query(to) Repo.all(query) end + def get_notified_from_activity(_), do: [] + def get_recipients_from_activity(%Activity{recipients: to}) do query = from( -- cgit v1.2.3 From 3e33479c05c315e04b0947136f1429c79c85c63c Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Thu, 8 Nov 2018 18:56:14 +0000 Subject: activitypub: transmogrifier: only consider `to` users as mention targets --- lib/pleroma/web/activity_pub/transmogrifier.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index a112d4ced..1471c9416 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -693,7 +693,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do end def add_mention_tags(object) do - recipients = object["to"] ++ (object["cc"] || []) + recipients = object["to"] || [] mentions = recipients -- cgit v1.2.3 From 4e93d6ae14fc2e4829769e58e66b6fb95e661e7f Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Thu, 8 Nov 2018 19:17:01 +0000 Subject: common api: utils: flip to/cc for mentions --- lib/pleroma/web/common_api/utils.ex | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex index b22c4cc03..728f24c7e 100644 --- a/lib/pleroma/web/common_api/utils.ex +++ b/lib/pleroma/web/common_api/utils.ex @@ -34,21 +34,29 @@ defmodule Pleroma.Web.CommonAPI.Utils do end def to_for_user_and_mentions(user, mentions, inReplyTo, "public") do - to = ["https://www.w3.org/ns/activitystreams#Public"] - mentioned_users = Enum.map(mentions, fn {_, %{ap_id: ap_id}} -> ap_id end) - cc = [user.follower_address | mentioned_users] + + to = ["https://www.w3.org/ns/activitystreams#Public" | mentioned_users] + cc = [user.follower_address] if inReplyTo do - {to, Enum.uniq([inReplyTo.data["actor"] | cc])} + {Enum.uniq([inReplyTo.data["actor"] | to]), cc} else {to, cc} end end def to_for_user_and_mentions(user, mentions, inReplyTo, "unlisted") do - {to, cc} = to_for_user_and_mentions(user, mentions, inReplyTo, "public") - {cc, to} + mentioned_users = Enum.map(mentions, fn {_, %{ap_id: ap_id}} -> ap_id end) + + to = [user.follower_address | mentioned_users] + cc = ["https://www.w3.org/ns/activitystreams#Public"] + + if inReplyTo do + {Enum.uniq([inReplyTo.data["actor"] | to]), cc} + else + {to, cc} + end end def to_for_user_and_mentions(user, mentions, inReplyTo, "private") do -- cgit v1.2.3 From 934125695d640a08de136ef3924909aaa81fdcc1 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Thu, 8 Nov 2018 20:21:45 +0100 Subject: Move /litepub-1.0.jsonld to /schemas/litepub-0.1.jsonld --- lib/pleroma/web/activity_pub/utils.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/utils.ex b/lib/pleroma/web/activity_pub/utils.ex index 174906537..152bb5a8d 100644 --- a/lib/pleroma/web/activity_pub/utils.ex +++ b/lib/pleroma/web/activity_pub/utils.ex @@ -70,7 +70,7 @@ defmodule Pleroma.Web.ActivityPub.Utils do %{ "@context" => [ "https://www.w3.org/ns/activitystreams", - "#{Web.base_url()}/litepub-1.0.jsonld" + "#{Web.base_url()}/schemas/litepub-0.1.jsonld" ] } end -- cgit v1.2.3 From 2fab32ab61d305bbea13c27ac23b1180b638c4cd Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Thu, 8 Nov 2018 20:22:12 +0100 Subject: Pleroma.Web.Endpoint: Whitelist schemas directory --- lib/pleroma/web/endpoint.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/endpoint.ex b/lib/pleroma/web/endpoint.ex index 6673ab576..b38f33863 100644 --- a/lib/pleroma/web/endpoint.ex +++ b/lib/pleroma/web/endpoint.ex @@ -17,7 +17,7 @@ defmodule Pleroma.Web.Endpoint do Plug.Static, at: "/", from: :pleroma, - only: ~w(index.html static finmoji emoji packs sounds images instance sw.js favicon.png) + only: ~w(index.html static finmoji emoji packs sounds images instance sw.js favicon.png schemas) ) # Code reloading can be explicitly enabled under the -- cgit v1.2.3 From 0a2c1a3419d6b5aaf078609063d355f3d6ea046a Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Thu, 8 Nov 2018 19:30:55 +0000 Subject: user: add optional local_only param to get_notified_from_activity() --- lib/pleroma/user.ex | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 0d11101a3..acb355a05 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -464,15 +464,25 @@ defmodule Pleroma.User do update_and_set_cache(cs) end - def get_notified_from_activity_query(to) do + def get_notified_from_activity_query(to, false) do from( u in User, - where: u.ap_id in ^to, + where: u.ap_id in ^to + ) + end + + def get_notified_from_activity_query(to, true) do + query = get_notified_from_activity_query(to, false) + + from( + u in query, where: u.local == true ) end - def get_notified_from_activity(%Activity{data: %{"type" => "Announce", "to" => to} = data}) do + def get_notified_from_activity(activity, local_only \\ true) + + def get_notified_from_activity(%Activity{data: %{"type" => "Announce", "to" => to} = data}, local_only) do object = Object.normalize(data["object"]) actor = User.get_cached_by_ap_id(data["actor"]) @@ -485,18 +495,18 @@ defmodule Pleroma.User do end |> Enum.uniq() - query = get_notified_from_activity_query(to) + query = get_notified_from_activity_query(to, local_only) Repo.all(query) end - def get_notified_from_activity(%Activity{data: %{"to" => to}}) do - query = get_notified_from_activity_query(to) + def get_notified_from_activity(%Activity{data: %{"to" => to}}, local_only) do + query = get_notified_from_activity_query(to, local_only) Repo.all(query) end - def get_notified_from_activity(_), do: [] + def get_notified_from_activity(_, _), do: [] def get_recipients_from_activity(%Activity{recipients: to}) do query = -- cgit v1.2.3 From 6b4064fa5ddd8396faf7d6afef891d70e7a2e881 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Thu, 8 Nov 2018 19:31:59 +0000 Subject: activitypub: transmogrifier: unify mention extraction --- lib/pleroma/user.ex | 5 ++++- lib/pleroma/web/activity_pub/transmogrifier.ex | 7 ++----- lib/pleroma/web/activity_pub/utils.ex | 4 ++++ 3 files changed, 10 insertions(+), 6 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index acb355a05..260d904bc 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -482,7 +482,10 @@ defmodule Pleroma.User do def get_notified_from_activity(activity, local_only \\ true) - def get_notified_from_activity(%Activity{data: %{"type" => "Announce", "to" => to} = data}, local_only) do + def get_notified_from_activity( + %Activity{data: %{"type" => "Announce", "to" => to} = data}, + local_only + ) do object = Object.normalize(data["object"]) actor = User.get_cached_by_ap_id(data["actor"]) diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index 1471c9416..6a0fdb433 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -693,12 +693,9 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do end def add_mention_tags(object) do - recipients = object["to"] || [] - mentions = - recipients - |> Enum.map(fn ap_id -> User.get_cached_by_ap_id(ap_id) end) - |> Enum.filter(& &1) + object + |> Utils.get_notified_from_object() |> Enum.map(fn user -> %{"type" => "Mention", "href" => user.ap_id, "name" => "@#{user.nickname}"} end) diff --git a/lib/pleroma/web/activity_pub/utils.ex b/lib/pleroma/web/activity_pub/utils.ex index d81c824f0..fd9c5eb59 100644 --- a/lib/pleroma/web/activity_pub/utils.ex +++ b/lib/pleroma/web/activity_pub/utils.ex @@ -95,6 +95,10 @@ defmodule Pleroma.Web.ActivityPub.Utils do "#{Web.base_url()}/#{type}/#{UUID.generate()}" end + def get_notified_from_object(object) do + User.get_notified_from_activity(%Activity{data: object}, false) + end + def create_context(context) do context = context || generate_id("contexts") changeset = Object.context_mapping(context) -- cgit v1.2.3 From 81d6ca17830538aea2815a0381f3a287d68c454f Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Thu, 8 Nov 2018 20:01:42 +0000 Subject: user: implement AS2 mention extraction + unify Announce handling --- lib/pleroma/user.ex | 39 ++++++++++++++++++++++++--------------- 1 file changed, 24 insertions(+), 15 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 260d904bc..71bdbebee 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -482,28 +482,37 @@ defmodule Pleroma.User do def get_notified_from_activity(activity, local_only \\ true) - def get_notified_from_activity( - %Activity{data: %{"type" => "Announce", "to" => to} = data}, - local_only - ) do + def get_notified_from_activity(%Activity{data: %{"to" => to} = data}, local_only) do object = Object.normalize(data["object"]) - actor = User.get_cached_by_ap_id(data["actor"]) - # ensure that the actor who published the announced object appears only once - to = - if actor.nickname != nil do - to ++ [object.data["actor"]] + # somehow, get an AS2 object, preferring the normalized object if we have one + object_data = + if object do + object.data else - to + if is_map(data["object"]) do + data["object"] + else + %{} + end end - |> Enum.uniq() - query = get_notified_from_activity_query(to, local_only) + # finally extract AS2 mentions from this object + tagged_mentions = + if object_data["tag"] do + object_data["tag"] + |> Enum.filter(fn x -> is_map(x) end) + |> Enum.filter(fn x -> x["type"] == "Mention" end) + |> Enum.map(fn x -> x["href"] end) + else + [] + end - Repo.all(query) - end + # ensure all mentioned users are unique + to = + (to ++ tagged_mentions) + |> Enum.uniq() - def get_notified_from_activity(%Activity{data: %{"to" => to}}, local_only) do query = get_notified_from_activity_query(to, local_only) Repo.all(query) -- cgit v1.2.3 From d26cd6c1bfe1d493b9443f2bd181ce90f22b36a2 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Fri, 9 Nov 2018 08:23:45 +0000 Subject: user: factor out user set fetching from User.get_notified_from_activity() --- lib/pleroma/user.ex | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 71bdbebee..0e4aa0903 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -464,15 +464,15 @@ defmodule Pleroma.User do update_and_set_cache(cs) end - def get_notified_from_activity_query(to, false) do + def get_users_from_set_query(ap_ids, false) do from( u in User, - where: u.ap_id in ^to + where: u.ap_id in ^ap_ids ) end - def get_notified_from_activity_query(to, true) do - query = get_notified_from_activity_query(to, false) + def get_users_from_set_query(ap_ids, true) do + query = get_users_from_set_query(ap_ids, false) from( u in query, @@ -480,6 +480,11 @@ defmodule Pleroma.User do ) end + def get_users_from_set(ap_ids, local_only \\ true) do + get_users_from_set_query(ap_ids, local_only) + |> Repo.all() + end + def get_notified_from_activity(activity, local_only \\ true) def get_notified_from_activity(%Activity{data: %{"to" => to} = data}, local_only) do @@ -513,9 +518,7 @@ defmodule Pleroma.User do (to ++ tagged_mentions) |> Enum.uniq() - query = get_notified_from_activity_query(to, local_only) - - Repo.all(query) + get_users_from_set(to, local_only) end def get_notified_from_activity(_, _), do: [] -- cgit v1.2.3 From cdfdd77e30eb7d83b68d932148cc24a3fbcd5967 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Fri, 9 Nov 2018 08:41:26 +0000 Subject: notification: implement new Notification.get_notified_from_activity() --- lib/pleroma/notification.ex | 60 +++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 58 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/notification.ex b/lib/pleroma/notification.ex index 75d7461e4..ca4113d31 100644 --- a/lib/pleroma/notification.ex +++ b/lib/pleroma/notification.ex @@ -1,6 +1,6 @@ defmodule Pleroma.Notification do use Ecto.Schema - alias Pleroma.{User, Activity, Notification, Repo} + alias Pleroma.{User, Activity, Notification, Repo, Object} import Ecto.Query schema "notifications" do @@ -95,7 +95,7 @@ defmodule Pleroma.Notification do def create_notifications(%Activity{id: _, data: %{"to" => _, "type" => type}} = activity) when type in ["Create", "Like", "Announce", "Follow"] do - users = User.get_notified_from_activity(activity) + users = get_notified_from_activity(activity) notifications = Enum.map(users, fn user -> create_notification(activity, user) end) {:ok, notifications} @@ -113,4 +113,60 @@ defmodule Pleroma.Notification do notification end end + + def get_notified_from_activity( + %Activity{data: %{"to" => _, "type" => type} = data} = activity, + local_only \\ true + ) + when type in ["Create", "Like", "Announce", "Follow"] do + recipients = + [] + |> maybe_notify_to_recipients(activity) + |> maybe_notify_mentioned_recipients(activity) + |> Enum.uniq() + + User.get_users_from_set(recipients, local_only) + end + + defp maybe_notify_to_recipients( + recipients, + %Activity{data: %{"to" => to, "type" => type}} = activity + ) do + recipients ++ to + end + + defp maybe_notify_mentioned_recipients( + recipients, + %Activity{data: %{"to" => to, "type" => type} = data} = activity + ) + when type == "Create" do + object = Object.normalize(data["object"]) + + object_data = + cond do + !is_nil(object) -> + object.data + + is_map(data["object"]) -> + data["object"] + + true -> + %{} + end + + tagged_mentions = maybe_extract_mentions(object_data) + + recipients ++ tagged_mentions + end + + defp maybe_notify_mentioned_recipients(recipients, _), do: recipients + + defp maybe_extract_mentions(%{"tag" => tag}) do + tag + |> Enum.filter(fn x -> is_map(x) end) + |> Enum.filter(fn x -> x["type"] == "Mention" end) + |> Enum.map(fn x -> x["href"] end) + end + + defp maybe_extract_mentions(_), do: [] end -- cgit v1.2.3 From 6cadfcb21eb58de3d4c635fb563cd4bcebffd3e2 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Fri, 9 Nov 2018 08:42:33 +0000 Subject: activitypub: utils: switch to using new Notification.get_notified_from_activity(). --- lib/pleroma/web/activity_pub/utils.ex | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/utils.ex b/lib/pleroma/web/activity_pub/utils.ex index fd9c5eb59..a9a4c895b 100644 --- a/lib/pleroma/web/activity_pub/utils.ex +++ b/lib/pleroma/web/activity_pub/utils.ex @@ -1,5 +1,5 @@ defmodule Pleroma.Web.ActivityPub.Utils do - alias Pleroma.{Repo, Web, Object, Activity, User} + alias Pleroma.{Repo, Web, Object, Activity, User, Notification} alias Pleroma.Web.Router.Helpers alias Pleroma.Web.Endpoint alias Ecto.{Changeset, UUID} @@ -96,7 +96,7 @@ defmodule Pleroma.Web.ActivityPub.Utils do end def get_notified_from_object(object) do - User.get_notified_from_activity(%Activity{data: object}, false) + Notification.get_notified_from_activity(%Activity{data: object}, false) end def create_context(context) do -- cgit v1.2.3 From 8c805ada32ced1e33c5f1c9171f8032c0bf7597d Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Fri, 9 Nov 2018 08:42:49 +0000 Subject: user: remove obsolete User.get_notified_from_activity(). --- lib/pleroma/user.ex | 38 -------------------------------------- 1 file changed, 38 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 0e4aa0903..be634a8e1 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -485,44 +485,6 @@ defmodule Pleroma.User do |> Repo.all() end - def get_notified_from_activity(activity, local_only \\ true) - - def get_notified_from_activity(%Activity{data: %{"to" => to} = data}, local_only) do - object = Object.normalize(data["object"]) - - # somehow, get an AS2 object, preferring the normalized object if we have one - object_data = - if object do - object.data - else - if is_map(data["object"]) do - data["object"] - else - %{} - end - end - - # finally extract AS2 mentions from this object - tagged_mentions = - if object_data["tag"] do - object_data["tag"] - |> Enum.filter(fn x -> is_map(x) end) - |> Enum.filter(fn x -> x["type"] == "Mention" end) - |> Enum.map(fn x -> x["href"] end) - else - [] - end - - # ensure all mentioned users are unique - to = - (to ++ tagged_mentions) - |> Enum.uniq() - - get_users_from_set(to, local_only) - end - - def get_notified_from_activity(_, _), do: [] - def get_recipients_from_activity(%Activity{recipients: to}) do query = from( -- cgit v1.2.3 From b9871e7e5aaf59e92d0fe00e8dfe0de2855a3c12 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Fri, 9 Nov 2018 08:55:52 +0000 Subject: activitypub: utils: wrap Note objects in a Create when extracting mentions --- lib/pleroma/web/activity_pub/utils.ex | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/utils.ex b/lib/pleroma/web/activity_pub/utils.ex index a9a4c895b..d438236c7 100644 --- a/lib/pleroma/web/activity_pub/utils.ex +++ b/lib/pleroma/web/activity_pub/utils.ex @@ -95,6 +95,17 @@ defmodule Pleroma.Web.ActivityPub.Utils do "#{Web.base_url()}/#{type}/#{UUID.generate()}" end + def get_notified_from_object(%{"type" => type} = object) when type == "Note" do + fake_create_activity = %{ + "to" => object["to"], + "cc" => object["cc"], + "type" => "Create", + "object" => object + } + + Notification.get_notified_from_activity(%Activity{data: fake_create_activity}, false) + end + def get_notified_from_object(object) do Notification.get_notified_from_activity(%Activity{data: object}, false) end -- cgit v1.2.3 From b3c360ce2c846bfcd89af347382b8d62762c9ceb Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Fri, 9 Nov 2018 09:07:40 +0000 Subject: notification: add fallback get_notified_from_activity() --- lib/pleroma/notification.ex | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/notification.ex b/lib/pleroma/notification.ex index ca4113d31..a3aeb1221 100644 --- a/lib/pleroma/notification.ex +++ b/lib/pleroma/notification.ex @@ -114,9 +114,11 @@ defmodule Pleroma.Notification do end end + def get_notified_from_activity(activity, local_only \\ true) + def get_notified_from_activity( %Activity{data: %{"to" => _, "type" => type} = data} = activity, - local_only \\ true + local_only ) when type in ["Create", "Like", "Announce", "Follow"] do recipients = @@ -128,6 +130,8 @@ defmodule Pleroma.Notification do User.get_users_from_set(recipients, local_only) end + def get_notified_from_activity(_, local_only), do: [] + defp maybe_notify_to_recipients( recipients, %Activity{data: %{"to" => to, "type" => type}} = activity -- cgit v1.2.3 From e4971553c74436b7060f410fe6cbd4f7a9c13b80 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Fri, 9 Nov 2018 13:39:44 +0000 Subject: activitypub: utils: use same object type list for mention extraction as insertion --- lib/pleroma/web/activity_pub/utils.ex | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/utils.ex b/lib/pleroma/web/activity_pub/utils.ex index d438236c7..fac91830a 100644 --- a/lib/pleroma/web/activity_pub/utils.ex +++ b/lib/pleroma/web/activity_pub/utils.ex @@ -6,6 +6,8 @@ defmodule Pleroma.Web.ActivityPub.Utils do import Ecto.Query require Logger + @supported_object_types ["Article", "Note", "Video", "Page"] + # Some implementations send the actor URI as the actor field, others send the entire actor object, # so figure out what the actor's URI is based on what we have. def get_ap_id(object) do @@ -95,7 +97,7 @@ defmodule Pleroma.Web.ActivityPub.Utils do "#{Web.base_url()}/#{type}/#{UUID.generate()}" end - def get_notified_from_object(%{"type" => type} = object) when type == "Note" do + def get_notified_from_object(%{"type" => type} = object) when type in @supported_object_types do fake_create_activity = %{ "to" => object["to"], "cc" => object["cc"], @@ -179,7 +181,7 @@ defmodule Pleroma.Web.ActivityPub.Utils do Inserts a full object if it is contained in an activity. """ def insert_full_object(%{"object" => %{"type" => type} = object_data}) - when is_map(object_data) and type in ["Article", "Note", "Video", "Page"] do + when is_map(object_data) and type in @supported_object_types do with {:ok, _} <- Object.create(object_data) do :ok end -- cgit v1.2.3 From e6d246882da834380ea0903fdad1fa7ef5951277 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sat, 10 Nov 2018 10:05:41 +0000 Subject: federator: don't federate anything other than Note objects to OStatus --- lib/pleroma/web/federator/federator.ex | 11 +++++++---- lib/pleroma/web/ostatus/ostatus.ex | 15 +++++++++++++++ 2 files changed, 22 insertions(+), 4 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/federator/federator.ex b/lib/pleroma/web/federator/federator.ex index 6071d08e4..962cacfa3 100644 --- a/lib/pleroma/web/federator/federator.ex +++ b/lib/pleroma/web/federator/federator.ex @@ -7,6 +7,7 @@ defmodule Pleroma.Web.Federator do alias Pleroma.Web.ActivityPub.Relay alias Pleroma.Web.ActivityPub.Transmogrifier alias Pleroma.Web.ActivityPub.Utils + alias Pleroma.Web.OStatus require Logger @websub Application.get_env(:pleroma, :websub) @@ -63,11 +64,13 @@ defmodule Pleroma.Web.Federator do {:ok, actor} = WebFinger.ensure_keys_present(actor) if ActivityPub.is_public?(activity) do - Logger.info(fn -> "Sending #{activity.data["id"]} out via WebSub" end) - Websub.publish(Pleroma.Web.OStatus.feed_path(actor), actor, activity) + if OStatus.is_representable?(activity) do + Logger.info(fn -> "Sending #{activity.data["id"]} out via WebSub" end) + Websub.publish(Pleroma.Web.OStatus.feed_path(actor), actor, activity) - Logger.info(fn -> "Sending #{activity.data["id"]} out via Salmon" end) - Pleroma.Web.Salmon.publish(actor, activity) + Logger.info(fn -> "Sending #{activity.data["id"]} out via Salmon" end) + Pleroma.Web.Salmon.publish(actor, activity) + end if Keyword.get(Application.get_env(:pleroma, :instance), :allow_relay) do Logger.info(fn -> "Relaying #{activity.data["id"]} out" end) diff --git a/lib/pleroma/web/ostatus/ostatus.ex b/lib/pleroma/web/ostatus/ostatus.ex index 916c894eb..1d0019d3b 100644 --- a/lib/pleroma/web/ostatus/ostatus.ex +++ b/lib/pleroma/web/ostatus/ostatus.ex @@ -11,6 +11,21 @@ defmodule Pleroma.Web.OStatus do alias Pleroma.Web.OStatus.{FollowHandler, UnfollowHandler, NoteHandler, DeleteHandler} alias Pleroma.Web.ActivityPub.Transmogrifier + def is_representable?(%Activity{data: data}) do + object = Object.normalize(data["object"]) + + cond do + is_nil(object) -> + false + + object.data["type"] == "Note" -> + true + + true -> + false + end + end + def feed_path(user) do "#{user.ap_id}/feed.atom" end -- cgit v1.2.3 From 03a9990baf64cfa1abc9fb914ff4b3b24a71d416 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sat, 10 Nov 2018 11:18:25 +0000 Subject: endpoint: fix formatting --- lib/pleroma/web/endpoint.ex | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/endpoint.ex b/lib/pleroma/web/endpoint.ex index b38f33863..2469d7283 100644 --- a/lib/pleroma/web/endpoint.ex +++ b/lib/pleroma/web/endpoint.ex @@ -17,7 +17,8 @@ defmodule Pleroma.Web.Endpoint do Plug.Static, at: "/", from: :pleroma, - only: ~w(index.html static finmoji emoji packs sounds images instance sw.js favicon.png schemas) + only: + ~w(index.html static finmoji emoji packs sounds images instance sw.js favicon.png schemas) ) # Code reloading can be explicitly enabled under the -- cgit v1.2.3 From 4f87b8362b44cf1b628248dbf38eabf670575ca2 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sat, 10 Nov 2018 11:23:50 +0000 Subject: endpoint: move CORSPlug in front of Plug.Static --- lib/pleroma/web/endpoint.ex | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/endpoint.ex b/lib/pleroma/web/endpoint.ex index 2469d7283..cb5de087b 100644 --- a/lib/pleroma/web/endpoint.ex +++ b/lib/pleroma/web/endpoint.ex @@ -11,6 +11,8 @@ defmodule Pleroma.Web.Endpoint do # # You should set gzip to true if you are running phoenix.digest # when deploying your static files in production. + plug(CORSPlug) + plug(Plug.Static, at: "/media", from: Pleroma.Uploaders.Local.upload_path(), gzip: false) plug( @@ -57,7 +59,6 @@ defmodule Pleroma.Web.Endpoint do extra: "SameSite=Strict" ) - plug(CORSPlug) plug(Pleroma.Web.Router) @doc """ -- cgit v1.2.3 From f8310114a6a4154118e54ebaac6f4a96941be4a6 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sat, 10 Nov 2018 12:04:09 +0000 Subject: activitypub: object view: sanitize both the activity and the object when an activity is given for rendering --- lib/pleroma/web/activity_pub/views/object_view.ex | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/views/object_view.ex b/lib/pleroma/web/activity_pub/views/object_view.ex index df734a871..1911ddfb7 100644 --- a/lib/pleroma/web/activity_pub/views/object_view.ex +++ b/lib/pleroma/web/activity_pub/views/object_view.ex @@ -1,11 +1,23 @@ defmodule Pleroma.Web.ActivityPub.ObjectView do use Pleroma.Web, :view + alias Pleroma.{Object, Activity} alias Pleroma.Web.ActivityPub.Transmogrifier - def render("object.json", %{object: object}) do + def render("object.json", %{object: %Object{} = object}) do base = Pleroma.Web.ActivityPub.Utils.make_json_ld_header() additional = Transmogrifier.prepare_object(object.data) Map.merge(base, additional) end + + def render("object.json", %{object: %Activity{} = activity}) do + base = Pleroma.Web.ActivityPub.Utils.make_json_ld_header() + object = Object.normalize(activity.data["object"]) + + additional = + Transmogrifier.prepare_object(activity.data) + |> Map.put("object", Transmogrifier.prepare_object(object.data)) + + Map.merge(base, additional) + end end -- cgit v1.2.3 From e1814bb322dda732143fdb0cb60dbce82fe433da Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Fri, 13 Jul 2018 01:02:18 +0200 Subject: Document mix tasks --- lib/mix/tasks/make_moderator.ex | 9 ++++++++- lib/mix/tasks/register_user.ex | 8 ++++++++ lib/mix/tasks/set_locked.ex | 11 ++++++++++- 3 files changed, 26 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/mix/tasks/make_moderator.ex b/lib/mix/tasks/make_moderator.ex index a454a958e..000671c44 100644 --- a/lib/mix/tasks/make_moderator.ex +++ b/lib/mix/tasks/make_moderator.ex @@ -1,9 +1,16 @@ defmodule Mix.Tasks.SetModerator do + @moduledoc """ + Set moderator to a local user + + Usage: ``mix set_moderator `` + + Example: ``mix set_moderator lain`` + """ + use Mix.Task import Mix.Ecto alias Pleroma.{Repo, User} - @shortdoc "Set moderator status" def run([nickname | rest]) do Application.ensure_all_started(:pleroma) diff --git a/lib/mix/tasks/register_user.ex b/lib/mix/tasks/register_user.ex index e74721c49..1f5321093 100644 --- a/lib/mix/tasks/register_user.ex +++ b/lib/mix/tasks/register_user.ex @@ -1,4 +1,12 @@ defmodule Mix.Tasks.RegisterUser do + @moduledoc """ + Manually register a local user + + Usage: ``mix register_user `` + + Example: ``mix register_user 仮面の告白 lain lain@example.org "blushy-crushy fediverse idol + pleroma dev" pleaseDontHeckLain`` + """ + use Mix.Task alias Pleroma.{Repo, User} diff --git a/lib/mix/tasks/set_locked.ex b/lib/mix/tasks/set_locked.ex index 2b3b18b09..a154595ca 100644 --- a/lib/mix/tasks/set_locked.ex +++ b/lib/mix/tasks/set_locked.ex @@ -1,9 +1,18 @@ defmodule Mix.Tasks.SetLocked do + @moduledoc """ + Lock a local user + + The local user will then have to manually accept/reject followers. This can also be done by the user into their settings. + + Usage: ``mix set_locked `` + + Example: ``mix set_locked lain`` + """ + use Mix.Task import Mix.Ecto alias Pleroma.{Repo, User} - @shortdoc "Set locked status" def run([nickname | rest]) do ensure_started(Repo, []) -- cgit v1.2.3 From 8b2541e4e7fb37f38422bf6c02cc10863a927e61 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Fri, 2 Nov 2018 09:32:48 +0100 Subject: Document the mix tasks in ex_doc instead --- lib/mix/tasks/deactivate_user.ex | 8 +++++++- lib/mix/tasks/generate_config.ex | 10 +++++++++- lib/mix/tasks/generate_invite_token.ex | 9 ++++++++- lib/mix/tasks/make_moderator.ex | 2 +- lib/mix/tasks/rm_user.ex | 8 +++++++- 5 files changed, 32 insertions(+), 5 deletions(-) (limited to 'lib') diff --git a/lib/mix/tasks/deactivate_user.ex b/lib/mix/tasks/deactivate_user.ex index f18541787..e71ed1ec0 100644 --- a/lib/mix/tasks/deactivate_user.ex +++ b/lib/mix/tasks/deactivate_user.ex @@ -2,7 +2,13 @@ defmodule Mix.Tasks.DeactivateUser do use Mix.Task alias Pleroma.User - @shortdoc "Deactivate a user" + @moduledoc """ + Deactivates a user (local or remote) + + Usage: ``mix deactivate_user `` + + Example: ``mix deactivate_user lain`` + """ def run([nickname]) do Mix.Task.run("app.start") diff --git a/lib/mix/tasks/generate_config.ex b/lib/mix/tasks/generate_config.ex index 70a110561..e3cbbf131 100644 --- a/lib/mix/tasks/generate_config.ex +++ b/lib/mix/tasks/generate_config.ex @@ -1,7 +1,15 @@ defmodule Mix.Tasks.GenerateConfig do use Mix.Task - @shortdoc "Generates a new config" + @moduledoc """ + Generate a new config + + ## Usage + ``mix generate_config`` + + This mix task is interactive, and will overwrite the config present at ``config/generated_config.exs``. + """ + def run(_) do IO.puts("Answer a few questions to generate a new config\n") IO.puts("--- THIS WILL OVERWRITE YOUR config/generated_config.exs! ---\n") diff --git a/lib/mix/tasks/generate_invite_token.ex b/lib/mix/tasks/generate_invite_token.ex index c4daa9a6c..418ef3790 100644 --- a/lib/mix/tasks/generate_invite_token.ex +++ b/lib/mix/tasks/generate_invite_token.ex @@ -1,7 +1,14 @@ defmodule Mix.Tasks.GenerateInviteToken do use Mix.Task - @shortdoc "Generate invite token for user" + @moduledoc """ + Generates invite token + + This is in the form of a URL to be used by the Invited user to register themselves. + + ## Usage + ``mix generate_invite_token`` + """ def run([]) do Mix.Task.run("app.start") diff --git a/lib/mix/tasks/make_moderator.ex b/lib/mix/tasks/make_moderator.ex index 000671c44..15586dc30 100644 --- a/lib/mix/tasks/make_moderator.ex +++ b/lib/mix/tasks/make_moderator.ex @@ -2,7 +2,7 @@ defmodule Mix.Tasks.SetModerator do @moduledoc """ Set moderator to a local user - Usage: ``mix set_moderator `` + Usage: ``mix set_moderator `` Example: ``mix set_moderator lain`` """ diff --git a/lib/mix/tasks/rm_user.ex b/lib/mix/tasks/rm_user.ex index b7c922d6c..50463046c 100644 --- a/lib/mix/tasks/rm_user.ex +++ b/lib/mix/tasks/rm_user.ex @@ -2,7 +2,13 @@ defmodule Mix.Tasks.RmUser do use Mix.Task alias Pleroma.User - @shortdoc "Permanently delete a user" + @moduledoc """ + Permanently deletes a user + + Usage: ``mix rm_user [nickname]`` + + Example: ``mix rm_user lain`` + """ def run([nickname]) do Mix.Task.run("app.start") -- cgit v1.2.3 From 64c0289893e870cf3f5525fdffb6b25ab3cc2f25 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Thu, 8 Nov 2018 15:21:09 +0100 Subject: lib/mix/tasks: Add remaining documentation for mix tasks --- lib/mix/tasks/generate_password_reset.ex | 8 +++++++- lib/mix/tasks/reactivate_user.ex | 8 +++++++- lib/mix/tasks/relay_follow.ex | 7 +++++++ lib/mix/tasks/relay_unfollow.ex | 8 +++++++- lib/mix/tasks/unsubscribe_user.ex | 9 ++++++++- 5 files changed, 36 insertions(+), 4 deletions(-) (limited to 'lib') diff --git a/lib/mix/tasks/generate_password_reset.ex b/lib/mix/tasks/generate_password_reset.ex index 6bf640150..e581e2e11 100644 --- a/lib/mix/tasks/generate_password_reset.ex +++ b/lib/mix/tasks/generate_password_reset.ex @@ -2,7 +2,13 @@ defmodule Mix.Tasks.GeneratePasswordReset do use Mix.Task alias Pleroma.User - @shortdoc "Generate password reset link for user" + @doc """ + Generate password reset link for user + + Usage: ``mix generate_password_reset `` + + Example: ``mix generate_password_reset lain`` + """ def run([nickname]) do Mix.Task.run("app.start") diff --git a/lib/mix/tasks/reactivate_user.ex b/lib/mix/tasks/reactivate_user.ex index 40bd068ea..41e4cbbec 100644 --- a/lib/mix/tasks/reactivate_user.ex +++ b/lib/mix/tasks/reactivate_user.ex @@ -2,7 +2,13 @@ defmodule Mix.Tasks.ReactivateUser do use Mix.Task alias Pleroma.User - @shortdoc "Reactivate a user" + @doc """ + Reactivate a user + + Usage: ``mix reactivate_user `` + + Example: ``mix reactivate_user lain`` + """ def run([nickname]) do Mix.Task.run("app.start") diff --git a/lib/mix/tasks/relay_follow.ex b/lib/mix/tasks/relay_follow.ex index ac6f20924..7428ec6ef 100644 --- a/lib/mix/tasks/relay_follow.ex +++ b/lib/mix/tasks/relay_follow.ex @@ -4,6 +4,13 @@ defmodule Mix.Tasks.RelayFollow do alias Pleroma.Web.ActivityPub.Relay @shortdoc "Follows a remote relay" + @doc """ + Follows a remote relay + + Usage: ``mix relay_follow `` + + Example: ``mix relay_follow https://example.org/relay`` + """ def run([target]) do Mix.Task.run("app.start") diff --git a/lib/mix/tasks/relay_unfollow.ex b/lib/mix/tasks/relay_unfollow.ex index 4621ace83..cb13a0729 100644 --- a/lib/mix/tasks/relay_unfollow.ex +++ b/lib/mix/tasks/relay_unfollow.ex @@ -3,7 +3,13 @@ defmodule Mix.Tasks.RelayUnfollow do require Logger alias Pleroma.Web.ActivityPub.Relay - @shortdoc "Follows a remote relay" + @doc """ + Unfollows a remote relay + + Usage: ``mix relay_follow `` + + Example: ``mix relay_follow https://example.org/relay`` + """ def run([target]) do Mix.Task.run("app.start") diff --git a/lib/mix/tasks/unsubscribe_user.ex b/lib/mix/tasks/unsubscribe_user.ex index bb72634b6..75811374b 100644 --- a/lib/mix/tasks/unsubscribe_user.ex +++ b/lib/mix/tasks/unsubscribe_user.ex @@ -3,7 +3,14 @@ defmodule Mix.Tasks.UnsubscribeUser do alias Pleroma.{User, Repo} require Logger - @shortdoc "Unsubscribe all users from a target and then deactivate them" + @doc """ + Deactivate and Unsubscribe local users from a user + + Usage: ``mix unsubscribe_user `` + + Example: ``mix unsubscribe_user lain`` + """ + def run([nickname]) do def run([nickname]) do Mix.Task.run("app.start") -- cgit v1.2.3 From 5e3207045e5c58c4c0ebb5d37d0cbfbd5a7db4db Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Thu, 8 Nov 2018 15:26:11 +0100 Subject: lib/mix/tasks/unsubscribe_user.ex: Fix syntax from bad line copy --- lib/mix/tasks/unsubscribe_user.ex | 1 - 1 file changed, 1 deletion(-) (limited to 'lib') diff --git a/lib/mix/tasks/unsubscribe_user.ex b/lib/mix/tasks/unsubscribe_user.ex index 75811374b..fe4f7d479 100644 --- a/lib/mix/tasks/unsubscribe_user.ex +++ b/lib/mix/tasks/unsubscribe_user.ex @@ -10,7 +10,6 @@ defmodule Mix.Tasks.UnsubscribeUser do Example: ``mix unsubscribe_user lain`` """ - def run([nickname]) do def run([nickname]) do Mix.Task.run("app.start") -- cgit v1.2.3 From 5ecb5629f6714cf20df3ac28eef585822fb2ea45 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Thu, 8 Nov 2018 15:28:50 +0100 Subject: lib/mix/tasks: s/@doc/@moduledoc/ --- lib/mix/tasks/generate_password_reset.ex | 2 +- lib/mix/tasks/reactivate_user.ex | 2 +- lib/mix/tasks/relay_follow.ex | 2 +- lib/mix/tasks/relay_unfollow.ex | 2 +- lib/mix/tasks/unsubscribe_user.ex | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) (limited to 'lib') diff --git a/lib/mix/tasks/generate_password_reset.ex b/lib/mix/tasks/generate_password_reset.ex index e581e2e11..f7f4c4f59 100644 --- a/lib/mix/tasks/generate_password_reset.ex +++ b/lib/mix/tasks/generate_password_reset.ex @@ -2,7 +2,7 @@ defmodule Mix.Tasks.GeneratePasswordReset do use Mix.Task alias Pleroma.User - @doc """ + @moduledoc """ Generate password reset link for user Usage: ``mix generate_password_reset `` diff --git a/lib/mix/tasks/reactivate_user.ex b/lib/mix/tasks/reactivate_user.ex index 41e4cbbec..a30d3ac8b 100644 --- a/lib/mix/tasks/reactivate_user.ex +++ b/lib/mix/tasks/reactivate_user.ex @@ -2,7 +2,7 @@ defmodule Mix.Tasks.ReactivateUser do use Mix.Task alias Pleroma.User - @doc """ + @moduledoc """ Reactivate a user Usage: ``mix reactivate_user `` diff --git a/lib/mix/tasks/relay_follow.ex b/lib/mix/tasks/relay_follow.ex index 7428ec6ef..4d57c6bca 100644 --- a/lib/mix/tasks/relay_follow.ex +++ b/lib/mix/tasks/relay_follow.ex @@ -4,7 +4,7 @@ defmodule Mix.Tasks.RelayFollow do alias Pleroma.Web.ActivityPub.Relay @shortdoc "Follows a remote relay" - @doc """ + @moduledoc """ Follows a remote relay Usage: ``mix relay_follow `` diff --git a/lib/mix/tasks/relay_unfollow.ex b/lib/mix/tasks/relay_unfollow.ex index cb13a0729..bd69fd8a0 100644 --- a/lib/mix/tasks/relay_unfollow.ex +++ b/lib/mix/tasks/relay_unfollow.ex @@ -3,7 +3,7 @@ defmodule Mix.Tasks.RelayUnfollow do require Logger alias Pleroma.Web.ActivityPub.Relay - @doc """ + @moduledoc """ Unfollows a remote relay Usage: ``mix relay_follow `` diff --git a/lib/mix/tasks/unsubscribe_user.ex b/lib/mix/tasks/unsubscribe_user.ex index fe4f7d479..62ea61a5c 100644 --- a/lib/mix/tasks/unsubscribe_user.ex +++ b/lib/mix/tasks/unsubscribe_user.ex @@ -3,7 +3,7 @@ defmodule Mix.Tasks.UnsubscribeUser do alias Pleroma.{User, Repo} require Logger - @doc """ + @moduledoc """ Deactivate and Unsubscribe local users from a user Usage: ``mix unsubscribe_user `` -- cgit v1.2.3 From 97e50f3191f6ea8479729b639921180fcadccf73 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sat, 10 Nov 2018 12:08:53 +0000 Subject: activitypub: transmogrifier: sanitize internal representation details from outgoing objects this causes JSON-LD parsers to get upset and has also lead to developer confusion from outside projects which tried to parse our internal data. accordingly, it seems better to just remove it. --- lib/pleroma/web/activity_pub/transmogrifier.ex | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index 6a0fdb433..d51d8626b 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -589,6 +589,8 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do |> prepare_attachments |> set_conversation |> set_reply_to_uri + |> strip_internal_fields + |> strip_internal_tags end # @doc @@ -755,6 +757,29 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do |> Map.put("attachment", attachments) end + defp strip_internal_fields(object) do + object + |> Map.drop([ + "likes", + "like_count", + "announcements", + "announcement_count", + "emoji", + "context_id" + ]) + end + + defp strip_internal_tags(%{"tag" => tags} = object) do + tags = + tags + |> Enum.filter(fn x -> is_map(x) end) + + object + |> Map.put("tag", tags) + end + + defp strip_internal_tags(object), do: object + defp user_upgrade_task(user) do old_follower_address = User.ap_followers(user) -- cgit v1.2.3 From 419ed3a0ca62dbcc4ea3985f6561e2aad4b48e5b Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 11 Nov 2018 05:11:27 +0000 Subject: oauth: fix token decode regression --- lib/pleroma/web/oauth/oauth_controller.ex | 3 +++ 1 file changed, 3 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/oauth/oauth_controller.ex b/lib/pleroma/web/oauth/oauth_controller.ex index 35c158fbb..d03c8b05a 100644 --- a/lib/pleroma/web/oauth/oauth_controller.ex +++ b/lib/pleroma/web/oauth/oauth_controller.ex @@ -143,8 +143,11 @@ defmodule Pleroma.Web.OAuth.OAuthController do end end + # XXX - for whatever reason our token arrives urlencoded, but Plug.Conn should be + # decoding it. Investigate sometime. defp fix_padding(token) do token + |> URI.decode() |> Base.url_decode64!(padding: false) |> Base.url_encode64() end -- cgit v1.2.3 From f516e317ea639bf0d2cdf3d1f1e2e00b5b7c90ef Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 11 Nov 2018 06:10:21 +0000 Subject: plugs: add CSPPlug --- lib/pleroma/plugs/csp_plug.ex | 38 ++++++++++++++++++++++++++++++++++++++ lib/pleroma/web/endpoint.ex | 1 + 2 files changed, 39 insertions(+) create mode 100644 lib/pleroma/plugs/csp_plug.ex (limited to 'lib') diff --git a/lib/pleroma/plugs/csp_plug.ex b/lib/pleroma/plugs/csp_plug.ex new file mode 100644 index 000000000..15d466c36 --- /dev/null +++ b/lib/pleroma/plugs/csp_plug.ex @@ -0,0 +1,38 @@ +defmodule Pleroma.Plugs.CSPPlug do + import Plug.Conn + + def init(opts), do: opts + + def call(conn, options) do + conn = merge_resp_headers(conn, headers()) + end + + defp headers do + [ + {"x-xss-protection", "1; mode=block"}, + {"x-permitted-cross-domain-policies", "none"}, + {"x-frame-options", "DENY"}, + {"x-content-type-options", "nosniff"}, + {"referrer-policy", "same-origin"}, + {"x-download-options", "noopen"}, + {"content-security-policy", csp_string() <> ";"} + ] + end + + defp csp_string do + [ + "default-src 'none'", + "base-uri 'self'", + "form-action *", + "frame-ancestors 'none'", + "img-src 'self' data: https:", + "media-src 'self' https:", + "style-src 'self' 'unsafe-inline'", + "font-src 'self'", + "script-src 'self'", + "connect-src 'self' " <> String.replace(Pleroma.Web.Endpoint.static_url(), "http", "ws"), + "upgrade-insecure-requests" + ] + |> Enum.join("; ") + end +end diff --git a/lib/pleroma/web/endpoint.ex b/lib/pleroma/web/endpoint.ex index cb5de087b..370d2d792 100644 --- a/lib/pleroma/web/endpoint.ex +++ b/lib/pleroma/web/endpoint.ex @@ -12,6 +12,7 @@ defmodule Pleroma.Web.Endpoint do # You should set gzip to true if you are running phoenix.digest # when deploying your static files in production. plug(CORSPlug) + plug(Pleroma.Plugs.CSPPlug) plug(Plug.Static, at: "/media", from: Pleroma.Uploaders.Local.upload_path(), gzip: false) -- cgit v1.2.3 From a2bf5426cb84940dbd58aec10a7b1b0a90f26a60 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 11 Nov 2018 06:42:14 +0000 Subject: sample config: document how to make CSPPlug send STS headers (off by default to allow for SSL debugging) --- lib/mix/tasks/sample_config.eex | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'lib') diff --git a/lib/mix/tasks/sample_config.eex b/lib/mix/tasks/sample_config.eex index 3881ead26..824bc97a1 100644 --- a/lib/mix/tasks/sample_config.eex +++ b/lib/mix/tasks/sample_config.eex @@ -25,6 +25,10 @@ config :pleroma, Pleroma.Repo, hostname: "localhost", pool_size: 10 +# Enable Strict-Transport-Security once SSL is working: +# config :pleroma, :csp, +# sts: true + # Configure S3 support if desired. # The public S3 endpoint is different depending on region and provider, # consult your S3 provider's documentation for details on what to use. -- cgit v1.2.3 From 331cf6ada1e4df51b366c79126e094ee335dd684 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 11 Nov 2018 06:50:28 +0000 Subject: csp plug: add sts support --- lib/pleroma/plugs/csp_plug.ex | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/plugs/csp_plug.ex b/lib/pleroma/plugs/csp_plug.ex index 15d466c36..56f2376ee 100644 --- a/lib/pleroma/plugs/csp_plug.ex +++ b/lib/pleroma/plugs/csp_plug.ex @@ -1,10 +1,17 @@ defmodule Pleroma.Plugs.CSPPlug do + alias Pleroma.Config import Plug.Conn def init(opts), do: opts def call(conn, options) do - conn = merge_resp_headers(conn, headers()) + if Config.get([:csp, :enabled]) do + conn = + merge_resp_headers(conn, headers()) + |> maybe_send_sts_header(Config.get([:csp, :sts])) + else + conn + end end defp headers do @@ -35,4 +42,14 @@ defmodule Pleroma.Plugs.CSPPlug do ] |> Enum.join("; ") end + + defp maybe_send_sts_header(conn, true) do + max_age = Config.get([:csp, :sts_max_age]) + + merge_resp_headers(conn, [ + {"strict-transport-security", "max-age=#{max_age}; includeSubDomains"} + ]) + end + + defp maybe_send_sts_header(conn, _), do: conn end -- cgit v1.2.3 From df72978dce3805157537e8fa1a2fec35fcf9a7cd Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 11 Nov 2018 06:53:42 +0000 Subject: csp plug: add support for certificate transparency --- lib/pleroma/plugs/csp_plug.ex | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/plugs/csp_plug.ex b/lib/pleroma/plugs/csp_plug.ex index 56f2376ee..8fc21b909 100644 --- a/lib/pleroma/plugs/csp_plug.ex +++ b/lib/pleroma/plugs/csp_plug.ex @@ -44,10 +44,12 @@ defmodule Pleroma.Plugs.CSPPlug do end defp maybe_send_sts_header(conn, true) do - max_age = Config.get([:csp, :sts_max_age]) + max_age_sts = Config.get([:csp, :sts_max_age]) + max_age_ct = Config.get([:csp, :ct_max_age]) merge_resp_headers(conn, [ - {"strict-transport-security", "max-age=#{max_age}; includeSubDomains"} + {"strict-transport-security", "max-age=#{max_age_sts}; includeSubDomains"}, + {"expect-ct", "enforce, max-age=#{max_age_ct}"} ]) end -- cgit v1.2.3 From 1592fa2bea45eeea770044d619868087ef2591cb Mon Sep 17 00:00:00 2001 From: KokaKiwi Date: Sun, 11 Nov 2018 04:33:14 +0100 Subject: Mastodon API: Fix list streaming --- lib/pleroma/web/mastodon_api/mastodon_socket.ex | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/mastodon_socket.ex b/lib/pleroma/web/mastodon_api/mastodon_socket.ex index bc628ba56..0f3d5ff7c 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_socket.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_socket.ex @@ -26,15 +26,19 @@ defmodule Pleroma.Web.MastodonAPI.MastodonSocket do "list", "hashtag" ] <- params["stream"] do - topic = if stream == "list", do: "list:#{params["list"]}", else: stream - socket_stream = if stream == "hashtag", do: "hashtag:#{params["tag"]}", else: stream + topic = + case stream do + "hashtag" -> "hashtag:#{params["tag"]}" + "list" -> "list:#{params["list"]}" + _ -> stream + end socket = socket |> assign(:topic, topic) |> assign(:user, user) - Pleroma.Web.Streamer.add_socket(socket_stream, socket) + Pleroma.Web.Streamer.add_socket(topic, socket) {:ok, socket} else _e -> :error -- cgit v1.2.3 From fe67665e19cc98faff4a8ee53a3f4ca4190ca2ef Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 12 Nov 2018 15:08:02 +0000 Subject: rename CSPPlug to HTTPSecurityPlug. --- lib/pleroma/plugs/csp_plug.ex | 57 --------------------------------- lib/pleroma/plugs/http_security_plug.ex | 57 +++++++++++++++++++++++++++++++++ lib/pleroma/web/endpoint.ex | 2 +- 3 files changed, 58 insertions(+), 58 deletions(-) delete mode 100644 lib/pleroma/plugs/csp_plug.ex create mode 100644 lib/pleroma/plugs/http_security_plug.ex (limited to 'lib') diff --git a/lib/pleroma/plugs/csp_plug.ex b/lib/pleroma/plugs/csp_plug.ex deleted file mode 100644 index 8fc21b909..000000000 --- a/lib/pleroma/plugs/csp_plug.ex +++ /dev/null @@ -1,57 +0,0 @@ -defmodule Pleroma.Plugs.CSPPlug do - alias Pleroma.Config - import Plug.Conn - - def init(opts), do: opts - - def call(conn, options) do - if Config.get([:csp, :enabled]) do - conn = - merge_resp_headers(conn, headers()) - |> maybe_send_sts_header(Config.get([:csp, :sts])) - else - conn - end - end - - defp headers do - [ - {"x-xss-protection", "1; mode=block"}, - {"x-permitted-cross-domain-policies", "none"}, - {"x-frame-options", "DENY"}, - {"x-content-type-options", "nosniff"}, - {"referrer-policy", "same-origin"}, - {"x-download-options", "noopen"}, - {"content-security-policy", csp_string() <> ";"} - ] - end - - defp csp_string do - [ - "default-src 'none'", - "base-uri 'self'", - "form-action *", - "frame-ancestors 'none'", - "img-src 'self' data: https:", - "media-src 'self' https:", - "style-src 'self' 'unsafe-inline'", - "font-src 'self'", - "script-src 'self'", - "connect-src 'self' " <> String.replace(Pleroma.Web.Endpoint.static_url(), "http", "ws"), - "upgrade-insecure-requests" - ] - |> Enum.join("; ") - end - - defp maybe_send_sts_header(conn, true) do - max_age_sts = Config.get([:csp, :sts_max_age]) - max_age_ct = Config.get([:csp, :ct_max_age]) - - merge_resp_headers(conn, [ - {"strict-transport-security", "max-age=#{max_age_sts}; includeSubDomains"}, - {"expect-ct", "enforce, max-age=#{max_age_ct}"} - ]) - end - - defp maybe_send_sts_header(conn, _), do: conn -end diff --git a/lib/pleroma/plugs/http_security_plug.ex b/lib/pleroma/plugs/http_security_plug.ex new file mode 100644 index 000000000..8d652a2f3 --- /dev/null +++ b/lib/pleroma/plugs/http_security_plug.ex @@ -0,0 +1,57 @@ +defmodule Pleroma.Plugs.HTTPSecurityPlug do + alias Pleroma.Config + import Plug.Conn + + def init(opts), do: opts + + def call(conn, options) do + if Config.get([:http_security, :enabled]) do + conn = + merge_resp_headers(conn, headers()) + |> maybe_send_sts_header(Config.get([:http_security, :sts])) + else + conn + end + end + + defp headers do + [ + {"x-xss-protection", "1; mode=block"}, + {"x-permitted-cross-domain-policies", "none"}, + {"x-frame-options", "DENY"}, + {"x-content-type-options", "nosniff"}, + {"referrer-policy", "same-origin"}, + {"x-download-options", "noopen"}, + {"content-security-policy", csp_string() <> ";"} + ] + end + + defp csp_string do + [ + "default-src 'none'", + "base-uri 'self'", + "form-action *", + "frame-ancestors 'none'", + "img-src 'self' data: https:", + "media-src 'self' https:", + "style-src 'self' 'unsafe-inline'", + "font-src 'self'", + "script-src 'self'", + "connect-src 'self' " <> String.replace(Pleroma.Web.Endpoint.static_url(), "http", "ws"), + "upgrade-insecure-requests" + ] + |> Enum.join("; ") + end + + defp maybe_send_sts_header(conn, true) do + max_age_sts = Config.get([:http_security, :sts_max_age]) + max_age_ct = Config.get([:http_security, :ct_max_age]) + + merge_resp_headers(conn, [ + {"strict-transport-security", "max-age=#{max_age_sts}; includeSubDomains"}, + {"expect-ct", "enforce, max-age=#{max_age_ct}"} + ]) + end + + defp maybe_send_sts_header(conn, _), do: conn +end diff --git a/lib/pleroma/web/endpoint.ex b/lib/pleroma/web/endpoint.ex index 370d2d792..7783b8e5c 100644 --- a/lib/pleroma/web/endpoint.ex +++ b/lib/pleroma/web/endpoint.ex @@ -12,7 +12,7 @@ defmodule Pleroma.Web.Endpoint do # You should set gzip to true if you are running phoenix.digest # when deploying your static files in production. plug(CORSPlug) - plug(Pleroma.Plugs.CSPPlug) + plug(Pleroma.Plugs.HTTPSecurityPlug) plug(Plug.Static, at: "/media", from: Pleroma.Uploaders.Local.upload_path(), gzip: false) -- cgit v1.2.3 From ee5932a504d69e591aad7bdd52bd97d1f92d4e32 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 12 Nov 2018 15:14:46 +0000 Subject: http security: allow referrer-policy to be configured --- lib/pleroma/plugs/http_security_plug.ex | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/plugs/http_security_plug.ex b/lib/pleroma/plugs/http_security_plug.ex index 8d652a2f3..960c7f6bf 100644 --- a/lib/pleroma/plugs/http_security_plug.ex +++ b/lib/pleroma/plugs/http_security_plug.ex @@ -15,12 +15,14 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do end defp headers do + referrer_policy = Config.get([:http_security, :referrer_policy]) + [ {"x-xss-protection", "1; mode=block"}, {"x-permitted-cross-domain-policies", "none"}, {"x-frame-options", "DENY"}, {"x-content-type-options", "nosniff"}, - {"referrer-policy", "same-origin"}, + {"referrer-policy", referrer_policy}, {"x-download-options", "noopen"}, {"content-security-policy", csp_string() <> ";"} ] -- cgit v1.2.3 From 2829fa41830ad8565fc186c3dc110f4d275f8827 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 12 Nov 2018 15:17:04 +0000 Subject: sample config: chase http_security change --- lib/mix/tasks/sample_config.eex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/mix/tasks/sample_config.eex b/lib/mix/tasks/sample_config.eex index 824bc97a1..462c34636 100644 --- a/lib/mix/tasks/sample_config.eex +++ b/lib/mix/tasks/sample_config.eex @@ -26,7 +26,7 @@ config :pleroma, Pleroma.Repo, pool_size: 10 # Enable Strict-Transport-Security once SSL is working: -# config :pleroma, :csp, +# config :pleroma, :http_security, # sts: true # Configure S3 support if desired. -- cgit v1.2.3 From cb6fd738614a016fc143221a5ae588aa82f3a251 Mon Sep 17 00:00:00 2001 From: scarlett Date: Mon, 12 Nov 2018 15:38:39 +0000 Subject: Twitter API: Fall back to user.nickname if user has no name --- lib/pleroma/web/twitter_api/views/user_view.ex | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/twitter_api/views/user_view.ex b/lib/pleroma/web/twitter_api/views/user_view.ex index a662f83b6..a100a1127 100644 --- a/lib/pleroma/web/twitter_api/views/user_view.ex +++ b/lib/pleroma/web/twitter_api/views/user_view.ex @@ -55,8 +55,12 @@ defmodule Pleroma.Web.TwitterAPI.UserView do "statusnet_blocking" => statusnet_blocking, "friends_count" => user_info[:following_count], "id" => user.id, - "name" => user.name, - "name_html" => HTML.strip_tags(user.name) |> Formatter.emojify(emoji), + "name" => user.name || user.nickname, + "name_html" => + if(user.name, + do: HTML.strip_tags(user.name) |> Formatter.emojify(emoji), + else: user.nickname + ), "profile_image_url" => image, "profile_image_url_https" => image, "profile_image_url_profile_size" => image, -- cgit v1.2.3 From 87c76a9a2fa95702df05e935c8eb232188df1318 Mon Sep 17 00:00:00 2001 From: shibayashi Date: Tue, 13 Nov 2018 00:32:38 +0100 Subject: Add __Host- prefix when secure flag is enabled --- lib/pleroma/web/endpoint.ex | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/endpoint.ex b/lib/pleroma/web/endpoint.ex index 7783b8e5c..85bb4ff5f 100644 --- a/lib/pleroma/web/endpoint.ex +++ b/lib/pleroma/web/endpoint.ex @@ -46,13 +46,18 @@ defmodule Pleroma.Web.Endpoint do plug(Plug.MethodOverride) plug(Plug.Head) + cookie_name = + if Application.get_env(:pleroma, Pleroma.Web.Endpoint) |> Keyword.get(:secure_cookie_flag), + do: "__Host-pleroma_key", + else: "pleroma_key" + # The session will be stored in the cookie and signed, # this means its contents can be read but not tampered with. # Set :encryption_salt if you would also like to encrypt it. plug( Plug.Session, store: :cookie, - key: "_pleroma_key", + key: cookie_name, signing_salt: "CqaoopA2", http_only: true, secure: -- cgit v1.2.3 From 9b553a1087a3539280a4a085bcf7a79f29972f0a Mon Sep 17 00:00:00 2001 From: href Date: Tue, 13 Nov 2018 15:58:02 +0100 Subject: media_proxy: CSP, content-disposition MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Adds CSP headers to the media proxy endpoint * Sends `content-disposition: attachment; …` for non-image/video/audio content types The default list can be overwritten with `:media_proxy, :safe_content_types` in the configuration. * Also now appends the filename to the proxy URL (fixes some mobile apps, it was requested a while ago) --- lib/pleroma/web/media_proxy/controller.ex | 44 ++++++++++++++++++++++++++++-- lib/pleroma/web/media_proxy/media_proxy.ex | 5 +++- lib/pleroma/web/router.ex | 2 +- 3 files changed, 46 insertions(+), 5 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/media_proxy/controller.ex b/lib/pleroma/web/media_proxy/controller.ex index 8195a665e..10e6b4e52 100644 --- a/lib/pleroma/web/media_proxy/controller.ex +++ b/lib/pleroma/web/media_proxy/controller.ex @@ -11,15 +11,47 @@ defmodule Pleroma.Web.MediaProxy.MediaProxyController do error: "public, must-revalidate, max-age=160" } - def remote(conn, %{"sig" => sig, "url" => url}) do + # Content-types that will not be returned as content-disposition attachments + # Override with :media_proxy, :safe_content_types in the configuration + @safe_content_types [ + "image/gif", + "image/jpeg", + "image/jpg", + "image/png", + "image/svg+xml", + "audio/mpeg", + "audio/mp3", + "video/webm", + "video/mp4" + ] + + def remote(conn, params = %{"sig" => sig, "url" => url}) do config = Application.get_env(:pleroma, :media_proxy, []) with true <- Keyword.get(config, :enabled, false), {:ok, url} <- Pleroma.Web.MediaProxy.decode_url(sig, url), - {:ok, content_type, body} <- proxy_request(url) do + filename <- Path.basename(url), + true <- + if(Map.get(params, "filename"), + do: filename == Path.basename(conn.request_path), + else: true + ), + {:ok, content_type, body} <- proxy_request(url), + safe_content_type <- + Enum.member?( + Keyword.get(config, :safe_content_types, @safe_content_types), + content_type + ) do conn |> put_resp_content_type(content_type) |> set_cache_header(:default) + |> put_resp_header( + "content-security-policy", + "default-src 'none'; style-src 'unsafe-inline'; media-src data:; img-src 'self' data:" + ) + |> put_resp_header("x-xss-protection", "1; mode=block") + |> put_resp_header("x-content-type-options", "nosniff") + |> put_attachement_header(safe_content_type, filename) |> send_resp(200, body) else false -> @@ -92,6 +124,12 @@ defmodule Pleroma.Web.MediaProxy.MediaProxyController do # TODO: the body is passed here as well because some hosts do not provide a content-type. # At some point we may want to use magic numbers to discover the content-type and reply a proper one. defp proxy_request_content_type(headers, _body) do - headers["Content-Type"] || headers["content-type"] || "image/jpeg" + headers["Content-Type"] || headers["content-type"] || "application/octet-stream" + end + + defp put_attachement_header(conn, true, _), do: conn + + defp put_attachement_header(conn, false, filename) do + put_resp_header(conn, "content-disposition", "attachment; filename='#{filename}'") end end diff --git a/lib/pleroma/web/media_proxy/media_proxy.ex b/lib/pleroma/web/media_proxy/media_proxy.ex index 37718f48b..6819c0917 100644 --- a/lib/pleroma/web/media_proxy/media_proxy.ex +++ b/lib/pleroma/web/media_proxy/media_proxy.ex @@ -15,7 +15,10 @@ defmodule Pleroma.Web.MediaProxy do base64 = Base.url_encode64(url, @base64_opts) sig = :crypto.hmac(:sha, secret, base64) sig64 = sig |> Base.url_encode64(@base64_opts) - Keyword.get(config, :base_url, Pleroma.Web.base_url()) <> "/proxy/#{sig64}/#{base64}" + filename = Path.basename(url) + + Keyword.get(config, :base_url, Pleroma.Web.base_url()) <> + "/proxy/#{sig64}/#{base64}/#{filename}" end end diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 06d0f0623..2d4302dcd 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -378,12 +378,12 @@ defmodule Pleroma.Web.Router do end pipeline :remote_media do - plug(:accepts, ["html"]) end scope "/proxy/", Pleroma.Web.MediaProxy do pipe_through(:remote_media) get("/:sig/:url", MediaProxyController, :remote) + get("/:sig/:url/:filename", MediaProxyController, :remote) end scope "/", Fallback do -- cgit v1.2.3 From 2cf40237ff44cdb04b20546ca51efb671270dbc2 Mon Sep 17 00:00:00 2001 From: lain Date: Tue, 13 Nov 2018 19:46:34 +0100 Subject: MastodonAPI: Add pagination to private messages. --- lib/pleroma/web/mastodon_api/mastodon_api_controller.ex | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index 83728c81e..a0b74311b 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -278,9 +278,12 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end end - def dm_timeline(%{assigns: %{user: user}} = conn, _params) do + def dm_timeline(%{assigns: %{user: user}} = conn, params) do query = - ActivityPub.fetch_activities_query([user.ap_id], %{"type" => "Create", visibility: "direct"}) + ActivityPub.fetch_activities_query( + [user.ap_id], + Map.merge(params, %{"type" => "Create", visibility: "direct"}) + ) activities = Repo.all(query) -- cgit v1.2.3 From ea9a776d7beb32b157269652759b85cdc17fec32 Mon Sep 17 00:00:00 2001 From: lain Date: Tue, 13 Nov 2018 20:08:50 +0100 Subject: TwitterApi: Add direct message endpoint --- lib/pleroma/web/router.ex | 1 + lib/pleroma/web/twitter_api/twitter_api_controller.ex | 13 +++++++++++++ 2 files changed, 14 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 06d0f0623..7384f054b 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -270,6 +270,7 @@ defmodule Pleroma.Web.Router do get("/statuses/friends_timeline", TwitterAPI.Controller, :friends_timeline) get("/statuses/mentions", TwitterAPI.Controller, :mentions_timeline) get("/statuses/mentions_timeline", TwitterAPI.Controller, :mentions_timeline) + get("/statuses/dm_timeline", TwitterAPI.Controller, :dm_timeline) get("/qvitter/statuses/notifications", TwitterAPI.Controller, :notifications) # XXX: this is really a pleroma API, but we want to keep the pleroma namespace clean diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index 727469a66..dfcafdcc9 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -126,6 +126,19 @@ defmodule Pleroma.Web.TwitterAPI.Controller do |> render(ActivityView, "index.json", %{activities: activities, for: user}) end + def dm_timeline(%{assigns: %{user: user}} = conn, params) do + query = + ActivityPub.fetch_activities_query( + [user.ap_id], + Map.merge(params, %{"type" => "Create", visibility: "direct"}) + ) + + activities = Repo.all(query) + + conn + |> render(ActivityView, "index.json", %{activities: activities, for: user}) + end + def notifications(%{assigns: %{user: user}} = conn, params) do notifications = Notification.for_user(user, params) -- cgit v1.2.3 From f52a1d1ec5d44eb882b7bebf4d3242737ff9701b Mon Sep 17 00:00:00 2001 From: href Date: Tue, 13 Nov 2018 23:41:33 +0100 Subject: media_proxy: use path only to retrieve filename --- lib/pleroma/web/media_proxy/controller.ex | 2 +- lib/pleroma/web/media_proxy/media_proxy.ex | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/media_proxy/controller.ex b/lib/pleroma/web/media_proxy/controller.ex index 10e6b4e52..bb257c262 100644 --- a/lib/pleroma/web/media_proxy/controller.ex +++ b/lib/pleroma/web/media_proxy/controller.ex @@ -30,7 +30,7 @@ defmodule Pleroma.Web.MediaProxy.MediaProxyController do with true <- Keyword.get(config, :enabled, false), {:ok, url} <- Pleroma.Web.MediaProxy.decode_url(sig, url), - filename <- Path.basename(url), + filename <- Path.basename(URI.parse(url).path), true <- if(Map.get(params, "filename"), do: filename == Path.basename(conn.request_path), diff --git a/lib/pleroma/web/media_proxy/media_proxy.ex b/lib/pleroma/web/media_proxy/media_proxy.ex index 6819c0917..93c36b4ed 100644 --- a/lib/pleroma/web/media_proxy/media_proxy.ex +++ b/lib/pleroma/web/media_proxy/media_proxy.ex @@ -15,7 +15,7 @@ defmodule Pleroma.Web.MediaProxy do base64 = Base.url_encode64(url, @base64_opts) sig = :crypto.hmac(:sha, secret, base64) sig64 = sig |> Base.url_encode64(@base64_opts) - filename = Path.basename(url) + filename = Path.basename(URI.parse(url).path) Keyword.get(config, :base_url, Pleroma.Web.base_url()) <> "/proxy/#{sig64}/#{base64}/#{filename}" -- cgit v1.2.3 From 7b170cd6161166e153ad54856d5f1cf189f4e3ae Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 14 Nov 2018 20:33:23 +0100 Subject: Add Pleroma user search api for PleromaFE. --- lib/pleroma/web/router.ex | 8 +++++++- lib/pleroma/web/twitter_api/twitter_api_controller.ex | 7 +++++++ 2 files changed, 14 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 5e81db00b..5ca867871 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -248,9 +248,15 @@ defmodule Pleroma.Web.Router do ) get("/statuses/networkpublic_timeline", TwitterAPI.Controller, :public_and_external_timeline) + end - scope "/api", Pleroma.Web do + scope "/api", Pleroma.Web, as: :twitter_api_search do + pipe_through(:api) + get("/pleroma/search_user", TwitterAPI.Controller, :search_user) + end + + scope "/api", Pleroma.Web, as: :authenticated_twitter_api do pipe_through(:authenticated_api) get("/account/verify_credentials", TwitterAPI.Controller, :verify_credentials) diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index dfcafdcc9..69e576048 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -529,6 +529,13 @@ defmodule Pleroma.Web.TwitterAPI.Controller do |> render(ActivityView, "index.json", %{activities: activities, for: user}) end + def search_user(%{assigns: %{user: user}} = conn, %{"query" => query}) do + users = User.search(query, true) + + conn + |> render(UserView, "index.json", %{users: users, for: user}) + end + defp bad_request_reply(conn, error_message) do json = error_json(conn, error_message) json_reply(conn, 400, json) -- cgit v1.2.3 From 27aa136aacb43084089234df59649bc81e53d63c Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 14 Nov 2018 20:41:12 +0100 Subject: Format. --- lib/pleroma/web/router.ex | 1 - 1 file changed, 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 5ca867871..462369806 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -248,7 +248,6 @@ defmodule Pleroma.Web.Router do ) get("/statuses/networkpublic_timeline", TwitterAPI.Controller, :public_and_external_timeline) - end scope "/api", Pleroma.Web, as: :twitter_api_search do -- cgit v1.2.3 From 58af0787be605d0b382b30aba3749c7c8bbf10bc Mon Sep 17 00:00:00 2001 From: Hakaba Hitoyo Date: Thu, 15 Nov 2018 14:19:10 +0900 Subject: add mdii uploader --- lib/pleroma/uploaders/mdii.ex | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 lib/pleroma/uploaders/mdii.ex (limited to 'lib') diff --git a/lib/pleroma/uploaders/mdii.ex b/lib/pleroma/uploaders/mdii.ex new file mode 100644 index 000000000..3cf71df43 --- /dev/null +++ b/lib/pleroma/uploaders/mdii.ex @@ -0,0 +1,19 @@ +defmodule Pleroma.Uploaders.Mdii do + @behaviour Pleroma.Uploaders.Uploader + + def put_file(name, uuid, path, content_type, _should_dedupe) do + settings = Application.get_env(:pleroma, Pleroma.Uploaders.Mdii) + host_name = Keyword.fetch!(settings, :host_name) + + {:ok, file_data} = File.read(path) + + File.rm!(path) + + remote_file_name = "00000" + extension = "png" + + public_url = "https://#{host_name}/#{remote_file_name}.#{extension}" + + {:ok, public_url} + end +end -- cgit v1.2.3 From 698cb3587cf66f4946c2baab69ecd45f339e1392 Mon Sep 17 00:00:00 2001 From: Hakaba Hitoyo Date: Thu, 15 Nov 2018 14:38:45 +0900 Subject: omplement mdii uploader --- lib/pleroma/uploaders/mdii.ex | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/uploaders/mdii.ex b/lib/pleroma/uploaders/mdii.ex index 3cf71df43..f21a7e1e2 100644 --- a/lib/pleroma/uploaders/mdii.ex +++ b/lib/pleroma/uploaders/mdii.ex @@ -1,6 +1,8 @@ defmodule Pleroma.Uploaders.Mdii do @behaviour Pleroma.Uploaders.Uploader + @httpoison Application.get_env(:pleroma, :httpoison) + def put_file(name, uuid, path, content_type, _should_dedupe) do settings = Application.get_env(:pleroma, Pleroma.Uploaders.Mdii) host_name = Keyword.fetch!(settings, :host_name) @@ -8,12 +10,15 @@ defmodule Pleroma.Uploaders.Mdii do {:ok, file_data} = File.read(path) File.rm!(path) + + extension = Regex.replace(~r/^image\//, content_type, "") + query = "https://#{host_name}/mdii.cgi?#{extension}" - remote_file_name = "00000" - extension = "png" - - public_url = "https://#{host_name}/#{remote_file_name}.#{extension}" - - {:ok, public_url} + with {:ok, %{status_code: 200, body: body}} <- + @httpoison.get(url, file_data) do + remote_file_name = body + public_url = "https://#{host_name}/#{remote_file_name}.#{extension}" + {:ok, public_url} + end end end -- cgit v1.2.3 From ebe658c16976d7a1938a3a132027e5b438937f39 Mon Sep 17 00:00:00 2001 From: Hakaba Hitoyo Date: Thu, 15 Nov 2018 14:46:43 +0900 Subject: debuf --- lib/pleroma/uploaders/mdii.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/uploaders/mdii.ex b/lib/pleroma/uploaders/mdii.ex index f21a7e1e2..0f68b0805 100644 --- a/lib/pleroma/uploaders/mdii.ex +++ b/lib/pleroma/uploaders/mdii.ex @@ -15,7 +15,7 @@ defmodule Pleroma.Uploaders.Mdii do query = "https://#{host_name}/mdii.cgi?#{extension}" with {:ok, %{status_code: 200, body: body}} <- - @httpoison.get(url, file_data) do + @httpoison.post(query, file_data) do remote_file_name = body public_url = "https://#{host_name}/#{remote_file_name}.#{extension}" {:ok, public_url} -- cgit v1.2.3 From 8e707aba29921666a50878c39751cd53ee5cde7e Mon Sep 17 00:00:00 2001 From: hakabahitoyo Date: Thu, 15 Nov 2018 15:11:59 +0900 Subject: format --- lib/pleroma/uploaders/mdii.ex | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/uploaders/mdii.ex b/lib/pleroma/uploaders/mdii.ex index 0f68b0805..c5deaf73f 100644 --- a/lib/pleroma/uploaders/mdii.ex +++ b/lib/pleroma/uploaders/mdii.ex @@ -10,12 +10,11 @@ defmodule Pleroma.Uploaders.Mdii do {:ok, file_data} = File.read(path) File.rm!(path) - + extension = Regex.replace(~r/^image\//, content_type, "") query = "https://#{host_name}/mdii.cgi?#{extension}" - with {:ok, %{status_code: 200, body: body}} <- - @httpoison.post(query, file_data) do + with {:ok, %{status_code: 200, body: body}} <- @httpoison.post(query, file_data) do remote_file_name = body public_url = "https://#{host_name}/#{remote_file_name}.#{extension}" {:ok, public_url} -- cgit v1.2.3 From 4fbfacf5e129ad3f60e67f5ade2489f4bae48f56 Mon Sep 17 00:00:00 2001 From: hakabahitoyo Date: Thu, 15 Nov 2018 16:08:55 +0900 Subject: debug --- lib/pleroma/uploaders/mdii.ex | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/uploaders/mdii.ex b/lib/pleroma/uploaders/mdii.ex index c5deaf73f..f1f996fca 100644 --- a/lib/pleroma/uploaders/mdii.ex +++ b/lib/pleroma/uploaders/mdii.ex @@ -12,10 +12,10 @@ defmodule Pleroma.Uploaders.Mdii do File.rm!(path) extension = Regex.replace(~r/^image\//, content_type, "") - query = "https://#{host_name}/mdii.cgi?#{extension}" + query = "https://#{host_name}/mdii-post.cgi?#{extension}" with {:ok, %{status_code: 200, body: body}} <- @httpoison.post(query, file_data) do - remote_file_name = body + remote_file_name = List.first(String.split(body)) public_url = "https://#{host_name}/#{remote_file_name}.#{extension}" {:ok, public_url} end -- cgit v1.2.3 From 52224de39fe757077448853a7e1546c0f01509af Mon Sep 17 00:00:00 2001 From: hakabahitoyo Date: Fri, 16 Nov 2018 20:22:36 +0900 Subject: better extension detection --- lib/pleroma/uploaders/mdii.ex | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/uploaders/mdii.ex b/lib/pleroma/uploaders/mdii.ex index f1f996fca..71f3d1be7 100644 --- a/lib/pleroma/uploaders/mdii.ex +++ b/lib/pleroma/uploaders/mdii.ex @@ -11,11 +11,11 @@ defmodule Pleroma.Uploaders.Mdii do File.rm!(path) - extension = Regex.replace(~r/^image\//, content_type, "") + extension = String.split(name, ".") |> List.last() query = "https://#{host_name}/mdii-post.cgi?#{extension}" with {:ok, %{status_code: 200, body: body}} <- @httpoison.post(query, file_data) do - remote_file_name = List.first(String.split(body)) + remote_file_name = String.split(body) |> List.first() public_url = "https://#{host_name}/#{remote_file_name}.#{extension}" {:ok, public_url} end -- cgit v1.2.3 From 55abd8482ed604587ffa9f5f3f64d36d4d5aa296 Mon Sep 17 00:00:00 2001 From: hakabahitoyo Date: Fri, 16 Nov 2018 20:41:12 +0900 Subject: better config --- lib/pleroma/uploaders/mdii.ex | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/uploaders/mdii.ex b/lib/pleroma/uploaders/mdii.ex index 71f3d1be7..c62bab077 100644 --- a/lib/pleroma/uploaders/mdii.ex +++ b/lib/pleroma/uploaders/mdii.ex @@ -5,18 +5,19 @@ defmodule Pleroma.Uploaders.Mdii do def put_file(name, uuid, path, content_type, _should_dedupe) do settings = Application.get_env(:pleroma, Pleroma.Uploaders.Mdii) - host_name = Keyword.fetch!(settings, :host_name) + cgi = Keyword.fetch!(settings, :cgi) + files = Keyword.fetch!(settings, :files) {:ok, file_data} = File.read(path) File.rm!(path) extension = String.split(name, ".") |> List.last() - query = "https://#{host_name}/mdii-post.cgi?#{extension}" + query = "#{cgi}?#{extension}" with {:ok, %{status_code: 200, body: body}} <- @httpoison.post(query, file_data) do remote_file_name = String.split(body) |> List.first() - public_url = "https://#{host_name}/#{remote_file_name}.#{extension}" + public_url = "#{files}/#{remote_file_name}.#{extension}" {:ok, public_url} end end -- cgit v1.2.3 From e8d8c84f795152a0522e6848e75b47dcbce5aa89 Mon Sep 17 00:00:00 2001 From: lain Date: Fri, 16 Nov 2018 18:31:32 +0100 Subject: Add better test for user search functionlity. --- lib/pleroma/user.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index be634a8e1..6e1d5559d 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -498,7 +498,7 @@ defmodule Pleroma.User do Repo.all(query) end - def search(query, resolve) do + def search(query, resolve \\ false) do # strip the beginning @ off if there is a query query = String.trim_leading(query, "@") -- cgit v1.2.3 From c07464607d192add7fec0c91899eb8d3c077d876 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Fri, 16 Nov 2018 17:40:21 +0000 Subject: http security: remove form-action from CSP definitions --- lib/pleroma/plugs/http_security_plug.ex | 1 - 1 file changed, 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/plugs/http_security_plug.ex b/lib/pleroma/plugs/http_security_plug.ex index 960c7f6bf..31c7332f8 100644 --- a/lib/pleroma/plugs/http_security_plug.ex +++ b/lib/pleroma/plugs/http_security_plug.ex @@ -32,7 +32,6 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do [ "default-src 'none'", "base-uri 'self'", - "form-action *", "frame-ancestors 'none'", "img-src 'self' data: https:", "media-src 'self' https:", -- cgit v1.2.3 From f87b315618cf55f5c0794ab0dfc5523bdce348ef Mon Sep 17 00:00:00 2001 From: lain Date: Fri, 16 Nov 2018 19:47:36 +0100 Subject: TwitterAPI: Fix dm_timeline displaying only half of the conversation. --- lib/pleroma/web/twitter_api/twitter_api_controller.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index 69e576048..cd0e2121c 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -130,7 +130,7 @@ defmodule Pleroma.Web.TwitterAPI.Controller do query = ActivityPub.fetch_activities_query( [user.ap_id], - Map.merge(params, %{"type" => "Create", visibility: "direct"}) + Map.merge(params, %{"type" => "Create", "user" => user, visibility: "direct"}) ) activities = Repo.all(query) -- cgit v1.2.3 From 8fd0556c78472f8bdeee3520d6192ce96339d545 Mon Sep 17 00:00:00 2001 From: hakabahitoyo Date: Sat, 17 Nov 2018 18:14:42 +0900 Subject: better config reading --- lib/pleroma/uploaders/mdii.ex | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/uploaders/mdii.ex b/lib/pleroma/uploaders/mdii.ex index c62bab077..b0c7e19e7 100644 --- a/lib/pleroma/uploaders/mdii.ex +++ b/lib/pleroma/uploaders/mdii.ex @@ -1,12 +1,13 @@ -defmodule Pleroma.Uploaders.Mdii do +defmodule Pleroma.Uploaders.MDII do + alias Pleroma.Config + @behaviour Pleroma.Uploaders.Uploader @httpoison Application.get_env(:pleroma, :httpoison) def put_file(name, uuid, path, content_type, _should_dedupe) do - settings = Application.get_env(:pleroma, Pleroma.Uploaders.Mdii) - cgi = Keyword.fetch!(settings, :cgi) - files = Keyword.fetch!(settings, :files) + cgi = Pleroma.Config.get([Pleroma.Uploaders.MDII, :cgi]) + files = Pleroma.Config.get([Pleroma.Uploaders.MDII, :files]) {:ok, file_data} = File.read(path) -- cgit v1.2.3 From 59e079f641c2aed70a698fdcf4908a9f31a959f2 Mon Sep 17 00:00:00 2001 From: hakabahitoyo Date: Sat, 17 Nov 2018 20:16:25 +0900 Subject: fallbacking into local uploader --- lib/pleroma/uploaders/mdii.ex | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/uploaders/mdii.ex b/lib/pleroma/uploaders/mdii.ex index b0c7e19e7..a9d52b0dc 100644 --- a/lib/pleroma/uploaders/mdii.ex +++ b/lib/pleroma/uploaders/mdii.ex @@ -5,21 +5,22 @@ defmodule Pleroma.Uploaders.MDII do @httpoison Application.get_env(:pleroma, :httpoison) - def put_file(name, uuid, path, content_type, _should_dedupe) do + def put_file(name, uuid, path, content_type, should_dedupe) do cgi = Pleroma.Config.get([Pleroma.Uploaders.MDII, :cgi]) files = Pleroma.Config.get([Pleroma.Uploaders.MDII, :files]) {:ok, file_data} = File.read(path) - File.rm!(path) - extension = String.split(name, ".") |> List.last() query = "#{cgi}?#{extension}" with {:ok, %{status_code: 200, body: body}} <- @httpoison.post(query, file_data) do + File.rm!(path) remote_file_name = String.split(body) |> List.first() public_url = "#{files}/#{remote_file_name}.#{extension}" {:ok, public_url} + else + _ -> Pleroma.Uploaders.Local.put_file(name, uuid, path, content_type, should_dedupe) end end end -- cgit v1.2.3 From 603fccf175bd6f0d80cc52d0766b0208d2309790 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sat, 17 Nov 2018 18:17:17 +0000 Subject: activitypub: fetch_object_from_id(): prefer `actor` over `attributedTo` to avoid spoofing --- lib/pleroma/web/activity_pub/activity_pub.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index c6733e487..51b787272 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -747,7 +747,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do "type" => "Create", "to" => data["to"], "cc" => data["cc"], - "actor" => data["attributedTo"], + "actor" => data["actor"] || data["attributedTo"], "object" => data }, :ok <- Transmogrifier.contain_origin(id, params), -- cgit v1.2.3 From ee2e1328addb2b3a9f67eb47c983c63e496bc040 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Tue, 2 Oct 2018 18:38:16 +0200 Subject: admin_api_controller.ex: Create --- lib/pleroma/web/admin_api/admin_api_controller.ex | 25 +++++++++++++++++ lib/pleroma/web/router.ex | 33 +++++++++++++++++++++++ 2 files changed, 58 insertions(+) create mode 100644 lib/pleroma/web/admin_api/admin_api_controller.ex (limited to 'lib') diff --git a/lib/pleroma/web/admin_api/admin_api_controller.ex b/lib/pleroma/web/admin_api/admin_api_controller.ex new file mode 100644 index 000000000..1618a8372 --- /dev/null +++ b/lib/pleroma/web/admin_api/admin_api_controller.ex @@ -0,0 +1,25 @@ +defmodule Pleroma.Web.AdminAPI.Controller do + use Pleroma.Web, :controller + + require Logger + + action_fallback(:errors) + + def user_delete(%{assigns: %{user: user}} = conn, _params) do + end + + def user_create(%{assigns: %{user: user}} = conn, _params) do + end + + def relay_follow(%{assigns: %{user: user}} = conn, _params) do + end + + def relay_unfollow(%{assigns: %{user: user}} = conn, _params) do + end + + def user_delete(%{assigns: %{user: user}} = conn, _params) do + end + + def user_delete(%{assigns: %{user: user}} = conn, _params) do + end +end diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 462369806..1fa2625d0 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -31,6 +31,21 @@ defmodule Pleroma.Web.Router do plug(Pleroma.Plugs.EnsureAuthenticatedPlug) end + pipeline :admin_api do + plug(:accepts, ["json"]) + plug(:fetch_session) + plug(Pleroma.Plugs.OAuthPlug) + plug(Pleroma.Plugs.BasicAuthDecoderPlug) + plug(Pleroma.Plugs.UserFetcherPlug) + plug(Pleroma.Plugs.SessionAuthenticationPlug) + plug(Pleroma.Plugs.LegacyAuthenticationPlug) + plug(Pleroma.Plugs.AuthenticationPlug) + plug(Pleroma.Plugs.UserEnabledPlug) + plug(Pleroma.Plugs.SetUserSessionIdPlug) + plug(Pleroma.Plugs.EnsureAuthenticatedPlug) + plug(Pleroma.Plugs.UserIsAdminPlug) + end + pipeline :mastodon_html do plug(:accepts, ["html"]) plug(:fetch_session) @@ -79,6 +94,24 @@ defmodule Pleroma.Web.Router do get("/emoji", UtilController, :emoji) end + scope "/api/pleroma/admin", Pleroma.Web.AdminAPI do + pipe_through(:admin_api) + delete("/user", AdminAPIController, :user_delete) + post("/user", AdminAPIController, :user_create) + + # Maybe put a "rights" endpoint instead? + post("/moderator", AdminAPIController, :moderator_make) + delete("/moderator", AdminAPIController, :moderator_unmake) + post("/admin", AdminAPIController, :admin_make) + delete("/admin", AdminAPIController, :admin_unmake) + + post("/relay", AdminAPIController, :relay_follow) + delete("/relay", AdminAPIController, :relay_unfollow) + + get("/invite_token", AdminAPIController, :get_invite_token) + get("/password_reset", AdminAPIController, :get_password_reset) + end + scope "/", Pleroma.Web.TwitterAPI do pipe_through(:pleroma_html) get("/ostatus_subscribe", UtilController, :remote_follow) -- cgit v1.2.3 From 77d2fd54dd2770ba24099302a0fee052439e7a37 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Tue, 2 Oct 2018 19:03:05 +0200 Subject: admin_api_controller: Have some basic code --- lib/pleroma/web/admin_api/admin_api_controller.ex | 59 ++++++++++++++++++++--- 1 file changed, 53 insertions(+), 6 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/admin_api/admin_api_controller.ex b/lib/pleroma/web/admin_api/admin_api_controller.ex index 1618a8372..b6348c3c1 100644 --- a/lib/pleroma/web/admin_api/admin_api_controller.ex +++ b/lib/pleroma/web/admin_api/admin_api_controller.ex @@ -1,25 +1,72 @@ defmodule Pleroma.Web.AdminAPI.Controller do use Pleroma.Web, :controller + alias Pleroma.{User, Repo} + alias Pleroma.Web.ActivityPub.Relay require Logger action_fallback(:errors) - def user_delete(%{assigns: %{user: user}} = conn, _params) do + def user_delete(conn, %{nickname: nickname}) do + user = User.get_by_nickname(nickname) + + if user[:local] == true do + User.delete(user) + else + User.delete(user) + end + + conn + |> send(200) end - def user_create(%{assigns: %{user: user}} = conn, _params) do + def user_create( + conn, + %{user: %{nickname: nickname, email: email, password: password} = user} + ) do + new_user = %User{ + nickname: nickname, + name: user.name || nickname, + email: email, + password: password, + password_confirmation: password, + bio: user.bio || "." + } + + User.register_changeset(%User{}, new_user) + + Repo.insert!(user) + + conn + |> send(200) end - def relay_follow(%{assigns: %{user: user}} = conn, _params) do + def relay_follow(conn, %{relay_url: target}) do + :ok = Relay.follow(target) + + conn + |> send(200) end - def relay_unfollow(%{assigns: %{user: user}} = conn, _params) do + def relay_unfollow(conn, %{relay_url: target}) do + :ok = Relay.unfollow(target) + + conn + |> send(200) end - def user_delete(%{assigns: %{user: user}} = conn, _params) do + def get_invite_token(conn, _params) do + {:ok, token} <- Pleroma.UserInviteToken.create_token() + + conn + |> puts(token) end - def user_delete(%{assigns: %{user: user}} = conn, _params) do + def get_password_reset(conn, %{nickname: nickname}) do + (%User{local: true} = user) = User.get_by_nickname(nickname) + {:ok, token} = Pleroma.PasswordResetToken.create_token(user) + + conn + |> puts(token) end end -- cgit v1.2.3 From 7076d45cb6661731201a0224628b748a0f6782e8 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Tue, 2 Oct 2018 19:13:21 +0200 Subject: lib/pleroma/plugs/user_is_admin_plug.ex: Create --- lib/pleroma/plugs/user_is_admin_plug.ex | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 lib/pleroma/plugs/user_is_admin_plug.ex (limited to 'lib') diff --git a/lib/pleroma/plugs/user_is_admin_plug.ex b/lib/pleroma/plugs/user_is_admin_plug.ex new file mode 100644 index 000000000..2f812bf47 --- /dev/null +++ b/lib/pleroma/plugs/user_is_admin_plug.ex @@ -0,0 +1,17 @@ +defmodule Pleroma.Plugs.UserIsAdminPlug do + import Plug.Conn + alias Pleroma.User + + def init(options) do + options + end + + def call(%{assigns: %{user: %User{info: %{"is_admin" => false}}}} = conn, _) do + conn + |> assign(:user, nil) + end + + def call(conn, _) do + conn + end +end -- cgit v1.2.3 From 011a2e36b1bec75afab96b7ed529dd5c4f18af7a Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Fri, 12 Oct 2018 05:12:09 +0200 Subject: lib/mix/tasks/make_admin.ex: New task --- lib/mix/tasks/set_admin.ex | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 lib/mix/tasks/set_admin.ex (limited to 'lib') diff --git a/lib/mix/tasks/set_admin.ex b/lib/mix/tasks/set_admin.ex new file mode 100644 index 000000000..d5ccf261b --- /dev/null +++ b/lib/mix/tasks/set_admin.ex @@ -0,0 +1,32 @@ +defmodule Mix.Tasks.SetAdmin do + use Mix.Task + alias Pleroma.User + + @doc """ + Sets admin status + Usage: set_admin nickname [true|false] + """ + def run([nickname | rest]) do + Application.ensure_all_started(:pleroma) + + status = + case rest do + [status] -> status == "true" + _ -> true + end + + with %User{local: true} = user <- User.get_by_nickname(nickname) do + info = + user.info + |> Map.put("is_admin", !!status) + + cng = User.info_changeset(user, %{info: info}) + {:ok, user} = User.update_and_set_cache(cng) + + IO.puts("Admin status of #{nickname}: #{user.info["is_admin"]}") + else + _ -> + IO.puts("No local user #{nickname}") + end + end +end -- cgit v1.2.3 From c8b8f1d32c28e2a0ccf30f999c417b7739b9c445 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Fri, 12 Oct 2018 06:25:50 +0200 Subject: [Pleroma.Plugs.UserIsAdminPlug]: Check if admin is true instead of false, fix error reporting --- lib/pleroma/plugs/user_is_admin_plug.ex | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/plugs/user_is_admin_plug.ex b/lib/pleroma/plugs/user_is_admin_plug.ex index 2f812bf47..bdd057c44 100644 --- a/lib/pleroma/plugs/user_is_admin_plug.ex +++ b/lib/pleroma/plugs/user_is_admin_plug.ex @@ -6,12 +6,14 @@ defmodule Pleroma.Plugs.UserIsAdminPlug do options end - def call(%{assigns: %{user: %User{info: %{"is_admin" => false}}}} = conn, _) do + def call(%{assigns: %{user: %User{info: %{"is_admin" => true}}}} = conn, _) do conn - |> assign(:user, nil) end def call(conn, _) do conn + |> put_resp_content_type("application/json") + |> send_resp(403, Jason.encode!(%{error: "Not admin."})) + |> halt end end -- cgit v1.2.3 From 5732eef16b74e5f5c56415c4bc8fb6e21d21a329 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Fri, 12 Oct 2018 06:26:58 +0200 Subject: =?UTF-8?q?lib/pleroma/web/admin=5Fapi/admin=5Fapi=5Fcontroller.ex?= =?UTF-8?q?:=20Pleroma.Web.AdminAPI.Controller=20=E2=86=92=20Pleroma.Web.A?= =?UTF-8?q?dminAPI.AdminAPIController?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lib/pleroma/web/admin_api/admin_api_controller.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/admin_api/admin_api_controller.ex b/lib/pleroma/web/admin_api/admin_api_controller.ex index b6348c3c1..a6f8cd4d3 100644 --- a/lib/pleroma/web/admin_api/admin_api_controller.ex +++ b/lib/pleroma/web/admin_api/admin_api_controller.ex @@ -1,4 +1,4 @@ -defmodule Pleroma.Web.AdminAPI.Controller do +defmodule Pleroma.Web.AdminAPI.AdminAPIController do use Pleroma.Web, :controller alias Pleroma.{User, Repo} alias Pleroma.Web.ActivityPub.Relay -- cgit v1.2.3 From 578a9117370c3756c56448ad663664f73155a50b Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Fri, 12 Oct 2018 06:28:20 +0200 Subject: admin_api_controller.ex: get_password_reset: fix params and response --- lib/pleroma/web/admin_api/admin_api_controller.ex | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/admin_api/admin_api_controller.ex b/lib/pleroma/web/admin_api/admin_api_controller.ex index a6f8cd4d3..0cc84430d 100644 --- a/lib/pleroma/web/admin_api/admin_api_controller.ex +++ b/lib/pleroma/web/admin_api/admin_api_controller.ex @@ -62,11 +62,23 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do |> puts(token) end - def get_password_reset(conn, %{nickname: nickname}) do + def get_password_reset(conn, %{"nickname" => nickname}) do (%User{local: true} = user) = User.get_by_nickname(nickname) {:ok, token} = Pleroma.PasswordResetToken.create_token(user) conn - |> puts(token) + |> json(token.token) + end + + def errors(conn, {:param_cast, _}) do + conn + |> put_status(400) + |> json("Invalid parameters") + end + + def errors(conn, _) do + conn + |> put_status(500) + |> json("Something went wrong") end end -- cgit v1.2.3 From 95b107b6ccdca0413ec205525ac308dc4ee9e173 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Fri, 12 Oct 2018 06:37:37 +0200 Subject: admin_api_controller.ex: Add documentation, fix get_invite_token --- lib/pleroma/web/admin_api/admin_api_controller.ex | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/admin_api/admin_api_controller.ex b/lib/pleroma/web/admin_api/admin_api_controller.ex index 0cc84430d..7ef60b1f4 100644 --- a/lib/pleroma/web/admin_api/admin_api_controller.ex +++ b/lib/pleroma/web/admin_api/admin_api_controller.ex @@ -55,13 +55,15 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do |> send(200) end + @shortdoc "Get a account registeration invite token (base64 string)" def get_invite_token(conn, _params) do {:ok, token} <- Pleroma.UserInviteToken.create_token() conn - |> puts(token) + |> json(token.token) end + @shortdoc "Get a password reset token (base64 string) for given nickname" def get_password_reset(conn, %{"nickname" => nickname}) do (%User{local: true} = user) = User.get_by_nickname(nickname) {:ok, token} = Pleroma.PasswordResetToken.create_token(user) -- cgit v1.2.3 From c5a2bd6a65686ab17878e0439c8b6c804abe6fbb Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Fri, 12 Oct 2018 06:43:08 +0200 Subject: admin_api_controller.ex: fix remaining params at once --- lib/pleroma/web/admin_api/admin_api_controller.ex | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/admin_api/admin_api_controller.ex b/lib/pleroma/web/admin_api/admin_api_controller.ex index 7ef60b1f4..70c1caaec 100644 --- a/lib/pleroma/web/admin_api/admin_api_controller.ex +++ b/lib/pleroma/web/admin_api/admin_api_controller.ex @@ -7,7 +7,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do action_fallback(:errors) - def user_delete(conn, %{nickname: nickname}) do + def user_delete(conn, %{"nickname" => nickname}) do user = User.get_by_nickname(nickname) if user[:local] == true do @@ -22,7 +22,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do def user_create( conn, - %{user: %{nickname: nickname, email: email, password: password} = user} + %{user: %{"nickname" => nickname, "email" => email, "password" => password} = user} ) do new_user = %User{ nickname: nickname, @@ -41,14 +41,14 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do |> send(200) end - def relay_follow(conn, %{relay_url: target}) do + def relay_follow(conn, %{"relay_url" => target}) do :ok = Relay.follow(target) conn |> send(200) end - def relay_unfollow(conn, %{relay_url: target}) do + def relay_unfollow(conn, %{"relay_url" => target}) do :ok = Relay.unfollow(target) conn -- cgit v1.2.3 From 59ce7fedce51cff39165ff1bb4ce1fbd8b53f530 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Fri, 2 Nov 2018 08:15:09 +0100 Subject: Fix connection returns make generic right endpoint [AdminAPI] --- lib/pleroma/web/admin_api/admin_api_controller.ex | 54 ++++++++++++++++++++--- lib/pleroma/web/router.ex | 7 +-- 2 files changed, 50 insertions(+), 11 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/admin_api/admin_api_controller.ex b/lib/pleroma/web/admin_api/admin_api_controller.ex index 70c1caaec..a7be3611f 100644 --- a/lib/pleroma/web/admin_api/admin_api_controller.ex +++ b/lib/pleroma/web/admin_api/admin_api_controller.ex @@ -17,7 +17,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do end conn - |> send(200) + |> json(nickname) end def user_create( @@ -35,29 +35,71 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do User.register_changeset(%User{}, new_user) - Repo.insert!(user) + Repo.insert!(new_user) conn - |> send(200) + |> json(new_user.nickname) + end + + def right_add(conn, %{"right" => right, "nickname" => nickname}) + when right in ["moderator", "admin"] do + user = User.get_by_nickname(nickname) + + info = + user.info + |> Map.put("is_" <> right, true) + + cng = User.info_changeset(user, %{info: info}) + {:ok, user} = User.update_and_set_cache(cng) + + conn + |> json(user.info) + end + + def right_add(conn, _) do + conn + |> put_status(404) + |> json(%{error: "No such right"}) + end + + def right_delete(conn, %{"right" => right, "nickname" => nickname}) + when right in ["moderator", "admin"] do + user = User.get_by_nickname(nickname) + + info = + user.info + |> Map.put("is_" <> right, false) + + cng = User.info_changeset(user, %{info: info}) + {:ok, user} = User.update_and_set_cache(cng) + + conn + |> json(user.info) + end + + def right_delete(conn, _) do + conn + |> put_status(404) + |> json(%{error: "No such right"}) end def relay_follow(conn, %{"relay_url" => target}) do :ok = Relay.follow(target) conn - |> send(200) + |> json(target) end def relay_unfollow(conn, %{"relay_url" => target}) do :ok = Relay.unfollow(target) conn - |> send(200) + |> json(target) end @shortdoc "Get a account registeration invite token (base64 string)" def get_invite_token(conn, _params) do - {:ok, token} <- Pleroma.UserInviteToken.create_token() + {:ok, token} = Pleroma.UserInviteToken.create_token() conn |> json(token.token) diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 1fa2625d0..4d9422970 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -99,11 +99,8 @@ defmodule Pleroma.Web.Router do delete("/user", AdminAPIController, :user_delete) post("/user", AdminAPIController, :user_create) - # Maybe put a "rights" endpoint instead? - post("/moderator", AdminAPIController, :moderator_make) - delete("/moderator", AdminAPIController, :moderator_unmake) - post("/admin", AdminAPIController, :admin_make) - delete("/admin", AdminAPIController, :admin_unmake) + post("/rights/:right/:nickname", AdminAPIController, :right_add) + delete("/rights/:right/:nickname", AdminAPIController, :right_delete) post("/relay", AdminAPIController, :relay_follow) delete("/relay", AdminAPIController, :relay_unfollow) -- cgit v1.2.3 From f48062488e2af9fdf40875d4fde7bd2d12d5cad6 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Fri, 2 Nov 2018 08:19:56 +0100 Subject: Add get endpoints for rights [AdminAPI] --- lib/pleroma/web/admin_api/admin_api_controller.ex | 7 +++++++ lib/pleroma/web/router.ex | 6 ++++-- 2 files changed, 11 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/admin_api/admin_api_controller.ex b/lib/pleroma/web/admin_api/admin_api_controller.ex index a7be3611f..17f5f320d 100644 --- a/lib/pleroma/web/admin_api/admin_api_controller.ex +++ b/lib/pleroma/web/admin_api/admin_api_controller.ex @@ -56,6 +56,13 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do |> json(user.info) end + def right_get(conn, %{"nickname" => nickname}) do + user = User.get_by_nickname(nickname) + + conn + |> json(user.info) + end + def right_add(conn, _) do conn |> put_status(404) diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 4d9422970..281e816c1 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -99,8 +99,10 @@ defmodule Pleroma.Web.Router do delete("/user", AdminAPIController, :user_delete) post("/user", AdminAPIController, :user_create) - post("/rights/:right/:nickname", AdminAPIController, :right_add) - delete("/rights/:right/:nickname", AdminAPIController, :right_delete) + get("/rights/:nickname", AdminAPIController, :right_get) + get("/rights/:nickname/:right", AdminAPIController, :right_get) + post("/rights/:nickname/:right", AdminAPIController, :right_add) + delete("/rights/:nickname/:right", AdminAPIController, :right_delete) post("/relay", AdminAPIController, :relay_follow) delete("/relay", AdminAPIController, :relay_unfollow) -- cgit v1.2.3 From a87ed2fad6cdf91d19601471d593d21ce618f0c2 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Fri, 2 Nov 2018 08:30:52 +0100 Subject: Pleroma.Web.AdminAPI.AdminAPIController: user_create statement format --- lib/pleroma/web/admin_api/admin_api_controller.ex | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/admin_api/admin_api_controller.ex b/lib/pleroma/web/admin_api/admin_api_controller.ex index 17f5f320d..cb9839324 100644 --- a/lib/pleroma/web/admin_api/admin_api_controller.ex +++ b/lib/pleroma/web/admin_api/admin_api_controller.ex @@ -20,10 +20,9 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do |> json(nickname) end - def user_create( - conn, - %{user: %{"nickname" => nickname, "email" => email, "password" => password} = user} - ) do + def user_create(conn, %{ + user: %{"nickname" => nickname, "email" => email, "password" => password} = user + }) do new_user = %User{ nickname: nickname, name: user.name || nickname, -- cgit v1.2.3 From f9d05902fea122a995cb66cadaeb420df0d504b6 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Sat, 10 Nov 2018 14:42:34 +0100 Subject: lib/pleroma/web/admin_api/admin_api_controller.ex: An admin cannot un-admin themselves --- lib/pleroma/web/admin_api/admin_api_controller.ex | 30 ++++++++++++++++------- 1 file changed, 21 insertions(+), 9 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/admin_api/admin_api_controller.ex b/lib/pleroma/web/admin_api/admin_api_controller.ex index cb9839324..c1df2d570 100644 --- a/lib/pleroma/web/admin_api/admin_api_controller.ex +++ b/lib/pleroma/web/admin_api/admin_api_controller.ex @@ -68,19 +68,31 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do |> json(%{error: "No such right"}) end - def right_delete(conn, %{"right" => right, "nickname" => nickname}) + def right_delete( + %{assigns: %{user: %User{:nickname => admin_nickname}}} = conn, + %{ + "right" => right, + "nickname" => nickname + } + ) when right in ["moderator", "admin"] do - user = User.get_by_nickname(nickname) + if admin_nickname == nickname do + conn + |> post_status(403) + |> json(%{error: "You can't revoke your own admin status."}) + else + user = User.get_by_nickname(nickname) - info = - user.info - |> Map.put("is_" <> right, false) + info = + user.info + |> Map.put("is_" <> right, false) - cng = User.info_changeset(user, %{info: info}) - {:ok, user} = User.update_and_set_cache(cng) + cng = User.info_changeset(user, %{info: info}) + {:ok, user} = User.update_and_set_cache(cng) - conn - |> json(user.info) + conn + |> json(user.info) + end end def right_delete(conn, _) do -- cgit v1.2.3 From 4a79b89dba9e7d835dddfdf093e644ad2ef60b54 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Sat, 10 Nov 2018 14:43:22 +0100 Subject: =?UTF-8?q?lib/pleroma/plugs/user=5Fis=5Fadmin=5Fplug.ex:=20change?= =?UTF-8?q?=20403=20string=20to=20=E2=80=9CUser=20is=20not=20admin.?= =?UTF-8?q?=E2=80=9D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lib/pleroma/plugs/user_is_admin_plug.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/plugs/user_is_admin_plug.ex b/lib/pleroma/plugs/user_is_admin_plug.ex index bdd057c44..5312f1499 100644 --- a/lib/pleroma/plugs/user_is_admin_plug.ex +++ b/lib/pleroma/plugs/user_is_admin_plug.ex @@ -13,7 +13,7 @@ defmodule Pleroma.Plugs.UserIsAdminPlug do def call(conn, _) do conn |> put_resp_content_type("application/json") - |> send_resp(403, Jason.encode!(%{error: "Not admin."})) + |> send_resp(403, Jason.encode!(%{error: "User is not admin."})) |> halt end end -- cgit v1.2.3 From 265c8c520974aa502606506a2722bb6bce04c38c Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Sat, 10 Nov 2018 14:49:02 +0100 Subject: =?UTF-8?q?Pleroma.Web.ActivityPub.Relay:=20make=20{un,}follow=20r?= =?UTF-8?q?eturn=20:ok=20only=20if=20it=20worked,=20:error=20if=20it=20did?= =?UTF-8?q?n=E2=80=99t?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lib/pleroma/web/activity_pub/relay.ex | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/relay.ex b/lib/pleroma/web/activity_pub/relay.ex index d30853d62..107c57866 100644 --- a/lib/pleroma/web/activity_pub/relay.ex +++ b/lib/pleroma/web/activity_pub/relay.ex @@ -12,11 +12,12 @@ defmodule Pleroma.Web.ActivityPub.Relay do %User{} = target_user <- User.get_or_fetch_by_ap_id(target_instance), {:ok, activity} <- ActivityPub.follow(local_user, target_user) do Logger.info("relay: followed instance: #{target_instance}; id=#{activity.data["id"]}") + :ok else - e -> Logger.error("error: #{inspect(e)}") + e -> + Logger.error("error: #{inspect(e)}") + :error end - - :ok end def unfollow(target_instance) do @@ -24,11 +25,12 @@ defmodule Pleroma.Web.ActivityPub.Relay do %User{} = target_user <- User.get_or_fetch_by_ap_id(target_instance), {:ok, activity} <- ActivityPub.unfollow(local_user, target_user) do Logger.info("relay: unfollowed instance: #{target_instance}: id=#{activity.data["id"]}") + :ok else - e -> Logger.error("error: #{inspect(e)}") + e -> + Logger.error("error: #{inspect(e)}") + :error end - - :ok end def publish(%Activity{data: %{"type" => "Create"}} = activity) do -- cgit v1.2.3 From 7fbfd2db964ba9d6eac0d6ccd9b5fd94ee38df6f Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Sat, 10 Nov 2018 14:55:32 +0100 Subject: lib/mix/tasks/relay_{un,}follow.ex: Support status reply of Relay.{un,}follow --- lib/mix/tasks/relay_follow.ex | 2 +- lib/mix/tasks/relay_unfollow.ex | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/mix/tasks/relay_follow.ex b/lib/mix/tasks/relay_follow.ex index 4d57c6bca..61280d084 100644 --- a/lib/mix/tasks/relay_follow.ex +++ b/lib/mix/tasks/relay_follow.ex @@ -14,7 +14,7 @@ defmodule Mix.Tasks.RelayFollow do def run([target]) do Mix.Task.run("app.start") - :ok = Relay.follow(target) + _status = Relay.follow(target) # put this task to sleep to allow the genserver to push out the messages :timer.sleep(500) diff --git a/lib/mix/tasks/relay_unfollow.ex b/lib/mix/tasks/relay_unfollow.ex index bd69fd8a0..6aa67590b 100644 --- a/lib/mix/tasks/relay_unfollow.ex +++ b/lib/mix/tasks/relay_unfollow.ex @@ -13,7 +13,7 @@ defmodule Mix.Tasks.RelayUnfollow do def run([target]) do Mix.Task.run("app.start") - :ok = Relay.unfollow(target) + _status = Relay.unfollow(target) # put this task to sleep to allow the genserver to push out the messages :timer.sleep(500) -- cgit v1.2.3 From ccd6b1956d11a2a7a738dd87770ac109114d4366 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Sat, 10 Nov 2018 14:55:49 +0100 Subject: lib/pleroma/web/admin_api/admin_api_controller.ex: Support status reply of Relay.{un,}follow --- lib/pleroma/web/admin_api/admin_api_controller.ex | 26 +++++++++++++++++------ 1 file changed, 19 insertions(+), 7 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/admin_api/admin_api_controller.ex b/lib/pleroma/web/admin_api/admin_api_controller.ex index c1df2d570..360ce0732 100644 --- a/lib/pleroma/web/admin_api/admin_api_controller.ex +++ b/lib/pleroma/web/admin_api/admin_api_controller.ex @@ -78,7 +78,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do when right in ["moderator", "admin"] do if admin_nickname == nickname do conn - |> post_status(403) + |> put_status(403) |> json(%{error: "You can't revoke your own admin status."}) else user = User.get_by_nickname(nickname) @@ -102,17 +102,29 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do end def relay_follow(conn, %{"relay_url" => target}) do - :ok = Relay.follow(target) + status = Relay.follow(target) - conn - |> json(target) + if status == :ok do + conn + |> json(target) + else + conn + |> put_status(500) + |> json(target) + end end def relay_unfollow(conn, %{"relay_url" => target}) do - :ok = Relay.unfollow(target) + status = Relay.unfollow(target) - conn - |> json(target) + if status == :ok do + conn + |> json(target) + else + conn + |> put_status(500) + |> json(target) + end end @shortdoc "Get a account registeration invite token (base64 string)" -- cgit v1.2.3 From 1a31d7118793644050f3c045ff3e58db1543bdd4 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Sat, 10 Nov 2018 15:08:03 +0100 Subject: lib/mix/tasks/relay_{un,}follow.ex: Use a with block --- lib/mix/tasks/relay_follow.ex | 10 ++++++---- lib/mix/tasks/relay_unfollow.ex | 10 ++++++---- 2 files changed, 12 insertions(+), 8 deletions(-) (limited to 'lib') diff --git a/lib/mix/tasks/relay_follow.ex b/lib/mix/tasks/relay_follow.ex index 61280d084..39cecb71b 100644 --- a/lib/mix/tasks/relay_follow.ex +++ b/lib/mix/tasks/relay_follow.ex @@ -14,9 +14,11 @@ defmodule Mix.Tasks.RelayFollow do def run([target]) do Mix.Task.run("app.start") - _status = Relay.follow(target) - - # put this task to sleep to allow the genserver to push out the messages - :timer.sleep(500) + with :ok <- Relay.follow(target) do + # put this task to sleep to allow the genserver to push out the messages + :timer.sleep(500) + else + e -> Mix.puts("Error: #{inspect(e)}") + end end end diff --git a/lib/mix/tasks/relay_unfollow.ex b/lib/mix/tasks/relay_unfollow.ex index 6aa67590b..5f12bd9ea 100644 --- a/lib/mix/tasks/relay_unfollow.ex +++ b/lib/mix/tasks/relay_unfollow.ex @@ -13,9 +13,11 @@ defmodule Mix.Tasks.RelayUnfollow do def run([target]) do Mix.Task.run("app.start") - _status = Relay.unfollow(target) - - # put this task to sleep to allow the genserver to push out the messages - :timer.sleep(500) + with :ok <- Relay.unfollow(target) do + # put this task to sleep to allow the genserver to push out the messages + :timer.sleep(500) + else + e -> Mix.puts("Error: #{inspect(e)}") + end end end -- cgit v1.2.3 From e0b0fde713e70e9d64d8e294776bd060b88a9cad Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Sat, 10 Nov 2018 15:16:19 +0100 Subject: Web.AdminAPI.AdminAPIController: Change right to permission group (except for function names) --- lib/pleroma/web/admin_api/admin_api_controller.ex | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/admin_api/admin_api_controller.ex b/lib/pleroma/web/admin_api/admin_api_controller.ex index 360ce0732..5f6c565ae 100644 --- a/lib/pleroma/web/admin_api/admin_api_controller.ex +++ b/lib/pleroma/web/admin_api/admin_api_controller.ex @@ -40,13 +40,13 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do |> json(new_user.nickname) end - def right_add(conn, %{"right" => right, "nickname" => nickname}) - when right in ["moderator", "admin"] do + def right_add(conn, %{"permission_group" => permission_group, "nickname" => nickname}) + when permission_group in ["moderator", "admin"] do user = User.get_by_nickname(nickname) info = user.info - |> Map.put("is_" <> right, true) + |> Map.put("is_" <> permission_group, true) cng = User.info_changeset(user, %{info: info}) {:ok, user} = User.update_and_set_cache(cng) @@ -65,17 +65,17 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do def right_add(conn, _) do conn |> put_status(404) - |> json(%{error: "No such right"}) + |> json(%{error: "No such permission_group"}) end def right_delete( %{assigns: %{user: %User{:nickname => admin_nickname}}} = conn, %{ - "right" => right, + "permission_group" => permission_group, "nickname" => nickname } ) - when right in ["moderator", "admin"] do + when permission_group in ["moderator", "admin"] do if admin_nickname == nickname do conn |> put_status(403) @@ -85,7 +85,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do info = user.info - |> Map.put("is_" <> right, false) + |> Map.put("is_" <> permission_group, false) cng = User.info_changeset(user, %{info: info}) {:ok, user} = User.update_and_set_cache(cng) @@ -98,7 +98,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do def right_delete(conn, _) do conn |> put_status(404) - |> json(%{error: "No such right"}) + |> json(%{error: "No such permission_group"}) end def relay_follow(conn, %{"relay_url" => target}) do -- cgit v1.2.3 From daa8ec3d6273b7002ddee041686adf7652ec8e18 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sat, 17 Nov 2018 20:02:02 +0000 Subject: activitypub: factor out AP object fetching to it's own function and add ID-based containment --- lib/pleroma/web/activity_pub/activity_pub.ex | 32 ++++++++++++++++++-------- lib/pleroma/web/activity_pub/transmogrifier.ex | 13 +++++++++++ 2 files changed, 35 insertions(+), 10 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 51b787272..98e9e2120 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -732,16 +732,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do else Logger.info("Fetching #{id} via AP") - with true <- String.starts_with?(id, "http"), - {:ok, %{body: body, status_code: code}} when code in 200..299 <- - @httpoison.get( - id, - [Accept: "application/activity+json"], - follow_redirect: true, - timeout: 10000, - recv_timeout: 20000 - ), - {:ok, data} <- Jason.decode(body), + with {:ok, data} <- fetch_and_contain_remote_object_from_id(id), nil <- Object.normalize(data), params <- %{ "type" => "Create", @@ -771,6 +762,27 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do end end + def fetch_and_contain_remote_object_from_id(id) do + Logger.info("Fetching #{id} via AP") + + with true <- String.starts_with?(id, "http"), + {:ok, %{body: body, status_code: code}} when code in 200..299 <- + @httpoison.get( + id, + [Accept: "application/activity+json"], + follow_redirect: true, + timeout: 10000, + recv_timeout: 20000 + ), + {:ok, data} <- Jason.decode(body), + :ok <- Transmogrifier.contain_origin_from_id(id, data) do + {:ok, data} + else + e -> + {:error, e} + end + end + def is_public?(activity) do "https://www.w3.org/ns/activitystreams#Public" in (activity.data["to"] ++ (activity.data["cc"] || [])) diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index d51d8626b..1f886839e 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -50,6 +50,19 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do end end + def contain_origin_from_id(id, %{"id" => nil}), do: :error + + def contain_origin_from_id(id, %{"id" => other_id} = params) do + id_uri = URI.parse(id) + other_uri = URI.parse(other_id) + + if id_uri.host == other_uri.host do + :ok + else + :error + end + end + @doc """ Modifies an incoming AP object (mastodon format) to our internal format. """ -- cgit v1.2.3 From c88533209c20eeae51dcdc029db9483f8e69d096 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sat, 17 Nov 2018 20:13:38 +0000 Subject: activitypub: user fetching: use fetch_and_contain_remote_object_from_id() --- lib/pleroma/web/activity_pub/activity_pub.ex | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 98e9e2120..ed579e336 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -628,9 +628,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do end def fetch_and_prepare_user_from_ap_id(ap_id) do - with {:ok, %{status_code: 200, body: body}} <- - @httpoison.get(ap_id, [Accept: "application/activity+json"], follow_redirect: true), - {:ok, data} <- Jason.decode(body) do + with {:ok, data} <- fetch_and_contain_remote_object_from_id(ap_id) do user_data_from_user_object(data) else e -> Logger.error("Could not decode user at fetch #{ap_id}, #{inspect(e)}") -- cgit v1.2.3 From 3d9266a8cbf7e1d0979ad7e17dd553851e73d81e Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sat, 17 Nov 2018 20:43:43 +0000 Subject: federator: do origin containment when processing inbound messages --- lib/pleroma/web/federator/federator.ex | 3 +++ 1 file changed, 3 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/federator/federator.ex b/lib/pleroma/web/federator/federator.ex index 962cacfa3..33e6db9b9 100644 --- a/lib/pleroma/web/federator/federator.ex +++ b/lib/pleroma/web/federator/federator.ex @@ -101,8 +101,11 @@ defmodule Pleroma.Web.Federator do params = Utils.normalize_params(params) + # NOTE: we use the actor ID to do the containment, this is fine because an + # actor shouldn't be acting on objects outside their own AP server. with {:ok, _user} <- ap_enabled_actor(params["actor"]), nil <- Activity.normalize(params["id"]), + :ok <- Transmogrifier.contain_origin_from_id(params["actor"], params), {:ok, _activity} <- Transmogrifier.handle_incoming(params) do else %Activity{} -> -- cgit v1.2.3 From 0d1375f2746eb927e516064df3fd9fd0ee7e9ff8 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sat, 17 Nov 2018 21:00:37 +0000 Subject: federator: return :ok or :error depending on if an AP doc was accepted or not --- lib/pleroma/web/federator/federator.ex | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/federator/federator.ex b/lib/pleroma/web/federator/federator.ex index 33e6db9b9..6554fd2ef 100644 --- a/lib/pleroma/web/federator/federator.ex +++ b/lib/pleroma/web/federator/federator.ex @@ -106,15 +106,18 @@ defmodule Pleroma.Web.Federator do with {:ok, _user} <- ap_enabled_actor(params["actor"]), nil <- Activity.normalize(params["id"]), :ok <- Transmogrifier.contain_origin_from_id(params["actor"], params), - {:ok, _activity} <- Transmogrifier.handle_incoming(params) do + {:ok, activity} <- Transmogrifier.handle_incoming(params) do + {:ok, activity} else %Activity{} -> Logger.info("Already had #{params["id"]}") + :error _e -> # Just drop those for now Logger.info("Unhandled activity") Logger.info(Poison.encode!(params, pretty: 2)) + :error end end -- cgit v1.2.3 From 4634d99d0d43c0a13fdca6ebc722c400facafa3d Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Sat, 10 Nov 2018 15:20:49 +0100 Subject: Web.Router: Change right to permission group (except for function names) --- lib/pleroma/web/router.ex | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 281e816c1..74ceb1304 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -99,10 +99,10 @@ defmodule Pleroma.Web.Router do delete("/user", AdminAPIController, :user_delete) post("/user", AdminAPIController, :user_create) - get("/rights/:nickname", AdminAPIController, :right_get) - get("/rights/:nickname/:right", AdminAPIController, :right_get) - post("/rights/:nickname/:right", AdminAPIController, :right_add) - delete("/rights/:nickname/:right", AdminAPIController, :right_delete) + get("/permission_group/:nickname", AdminAPIController, :right_get) + get("/permission_group/:nickname/:permission_group", AdminAPIController, :right_get) + post("/permission_group/:nickname/:permission_group", AdminAPIController, :right_add) + delete("/permission_group/:nickname/:permission_group", AdminAPIController, :right_delete) post("/relay", AdminAPIController, :relay_follow) delete("/relay", AdminAPIController, :relay_unfollow) -- cgit v1.2.3 From 12ccf0c4f835cee1e942e13482322b0d9a5e7c2d Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Sat, 10 Nov 2018 15:31:37 +0100 Subject: Change Relay from `status` to `{status, message}` --- lib/mix/tasks/relay_follow.ex | 6 ++++-- lib/mix/tasks/relay_unfollow.ex | 6 ++++-- lib/pleroma/web/activity_pub/relay.ex | 8 ++++---- lib/pleroma/web/admin_api/admin_api_controller.ex | 4 ++-- 4 files changed, 14 insertions(+), 10 deletions(-) (limited to 'lib') diff --git a/lib/mix/tasks/relay_follow.ex b/lib/mix/tasks/relay_follow.ex index 39cecb71b..bec63af7c 100644 --- a/lib/mix/tasks/relay_follow.ex +++ b/lib/mix/tasks/relay_follow.ex @@ -14,11 +14,13 @@ defmodule Mix.Tasks.RelayFollow do def run([target]) do Mix.Task.run("app.start") - with :ok <- Relay.follow(target) do + {status, message} = Relay.follow(target) + + if :ok == status do # put this task to sleep to allow the genserver to push out the messages :timer.sleep(500) else - e -> Mix.puts("Error: #{inspect(e)}") + Mix.puts("Error: #{inspect(message)}") end end end diff --git a/lib/mix/tasks/relay_unfollow.ex b/lib/mix/tasks/relay_unfollow.ex index 5f12bd9ea..df719af2b 100644 --- a/lib/mix/tasks/relay_unfollow.ex +++ b/lib/mix/tasks/relay_unfollow.ex @@ -13,11 +13,13 @@ defmodule Mix.Tasks.RelayUnfollow do def run([target]) do Mix.Task.run("app.start") - with :ok <- Relay.unfollow(target) do + {status, message} = Relay.unfollow(target) + + if :ok == status do # put this task to sleep to allow the genserver to push out the messages :timer.sleep(500) else - e -> Mix.puts("Error: #{inspect(e)}") + Mix.puts("Error: #{inspect(message)}") end end end diff --git a/lib/pleroma/web/activity_pub/relay.ex b/lib/pleroma/web/activity_pub/relay.ex index 107c57866..fcdc6b1c0 100644 --- a/lib/pleroma/web/activity_pub/relay.ex +++ b/lib/pleroma/web/activity_pub/relay.ex @@ -12,11 +12,11 @@ defmodule Pleroma.Web.ActivityPub.Relay do %User{} = target_user <- User.get_or_fetch_by_ap_id(target_instance), {:ok, activity} <- ActivityPub.follow(local_user, target_user) do Logger.info("relay: followed instance: #{target_instance}; id=#{activity.data["id"]}") - :ok + {:ok, activity} else e -> Logger.error("error: #{inspect(e)}") - :error + {:error, e} end end @@ -25,11 +25,11 @@ defmodule Pleroma.Web.ActivityPub.Relay do %User{} = target_user <- User.get_or_fetch_by_ap_id(target_instance), {:ok, activity} <- ActivityPub.unfollow(local_user, target_user) do Logger.info("relay: unfollowed instance: #{target_instance}: id=#{activity.data["id"]}") - :ok + {:ok, activity} else e -> Logger.error("error: #{inspect(e)}") - :error + {:error, e} end end diff --git a/lib/pleroma/web/admin_api/admin_api_controller.ex b/lib/pleroma/web/admin_api/admin_api_controller.ex index 5f6c565ae..39e85036e 100644 --- a/lib/pleroma/web/admin_api/admin_api_controller.ex +++ b/lib/pleroma/web/admin_api/admin_api_controller.ex @@ -102,7 +102,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do end def relay_follow(conn, %{"relay_url" => target}) do - status = Relay.follow(target) + {status, message} = Relay.follow(target) if status == :ok do conn @@ -115,7 +115,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do end def relay_unfollow(conn, %{"relay_url" => target}) do - status = Relay.unfollow(target) + {status, message} = Relay.unfollow(target) if status == :ok do conn -- cgit v1.2.3 From 44b6200103d52ab86b46f8b4b9e0768036184d05 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Sat, 10 Nov 2018 15:53:37 +0100 Subject: lib/mix/tasks/relay*: Use a with block --- lib/mix/tasks/relay_follow.ex | 6 ++---- lib/mix/tasks/relay_unfollow.ex | 6 ++---- 2 files changed, 4 insertions(+), 8 deletions(-) (limited to 'lib') diff --git a/lib/mix/tasks/relay_follow.ex b/lib/mix/tasks/relay_follow.ex index bec63af7c..85b1c024d 100644 --- a/lib/mix/tasks/relay_follow.ex +++ b/lib/mix/tasks/relay_follow.ex @@ -14,13 +14,11 @@ defmodule Mix.Tasks.RelayFollow do def run([target]) do Mix.Task.run("app.start") - {status, message} = Relay.follow(target) - - if :ok == status do + with {:ok, activity} <- Relay.follow(target) do # put this task to sleep to allow the genserver to push out the messages :timer.sleep(500) else - Mix.puts("Error: #{inspect(message)}") + {:error, e} -> Mix.shell().error("Error while following #{target}: #{inspect(e)}") end end end diff --git a/lib/mix/tasks/relay_unfollow.ex b/lib/mix/tasks/relay_unfollow.ex index df719af2b..237fb771c 100644 --- a/lib/mix/tasks/relay_unfollow.ex +++ b/lib/mix/tasks/relay_unfollow.ex @@ -13,13 +13,11 @@ defmodule Mix.Tasks.RelayUnfollow do def run([target]) do Mix.Task.run("app.start") - {status, message} = Relay.unfollow(target) - - if :ok == status do + with {:ok, activity} <- Relay.follow(target) do # put this task to sleep to allow the genserver to push out the messages :timer.sleep(500) else - Mix.puts("Error: #{inspect(message)}") + {:error, e} -> Mix.shell().error("Error while following #{target}: #{inspect(e)}") end end end -- cgit v1.2.3 From 0ca00b3a0719232ede8971327732fc02fce14da9 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Sat, 17 Nov 2018 22:10:23 +0100 Subject: Web.AdminAPI.AdminAPIController: Fixes bugs found with ExUnit --- lib/pleroma/web/admin_api/admin_api_controller.ex | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/admin_api/admin_api_controller.ex b/lib/pleroma/web/admin_api/admin_api_controller.ex index 39e85036e..bcdb4ba37 100644 --- a/lib/pleroma/web/admin_api/admin_api_controller.ex +++ b/lib/pleroma/web/admin_api/admin_api_controller.ex @@ -10,7 +10,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do def user_delete(conn, %{"nickname" => nickname}) do user = User.get_by_nickname(nickname) - if user[:local] == true do + if user.local == true do User.delete(user) else User.delete(user) @@ -20,21 +20,21 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do |> json(nickname) end - def user_create(conn, %{ - user: %{"nickname" => nickname, "email" => email, "password" => password} = user - }) do - new_user = %User{ + def user_create( + conn, + %{"nickname" => nickname, "email" => email, "password" => password} + ) do + new_user = %{ nickname: nickname, - name: user.name || nickname, + name: nickname, email: email, password: password, password_confirmation: password, - bio: user.bio || "." + bio: "." } User.register_changeset(%User{}, new_user) - - Repo.insert!(new_user) + |> Repo.insert!() conn |> json(new_user.nickname) -- cgit v1.2.3 From dfcfb184b10428af8d37492e64f271c0275fc2c9 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sat, 17 Nov 2018 21:22:30 +0000 Subject: activitypub: transmogrifier: make deletes secure --- lib/pleroma/web/activity_pub/transmogrifier.ex | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index 1f886839e..5864855b0 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -467,15 +467,20 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do end end - # TODO: Make secure. + # TODO: We presently assume that any actor on the same origin domain as the object being + # deleted has the rights to delete that object. A better way to validate whether or not + # the object should be deleted is to refetch the object URI, which should return either + # an error or a tombstone. This would allow us to verify that a deletion actually took + # place. def handle_incoming( - %{"type" => "Delete", "object" => object_id, "actor" => actor, "id" => _id} = data + %{"type" => "Delete", "object" => object_id, "actor" => _actor, "id" => _id} = data ) do object_id = Utils.get_ap_id(object_id) with actor <- get_actor(data), - %User{} = _actor <- User.get_or_fetch_by_ap_id(actor), + %User{} = actor <- User.get_or_fetch_by_ap_id(actor), {:ok, object} <- get_obj_helper(object_id) || fetch_obj_helper(object_id), + :ok <- contain_origin(actor.ap_id, object.data), {:ok, activity} <- ActivityPub.delete(object, false) do {:ok, activity} else -- cgit v1.2.3 From 98795172a76db8d3331015461a021092c75cae5d Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sat, 17 Nov 2018 22:10:15 +0000 Subject: ostatus controller: respond with AS2 objects instead of activities to notice URIs --- lib/pleroma/web/ostatus/ostatus_controller.ex | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/ostatus/ostatus_controller.ex b/lib/pleroma/web/ostatus/ostatus_controller.ex index 2f92935e7..34fdf9727 100644 --- a/lib/pleroma/web/ostatus/ostatus_controller.ex +++ b/lib/pleroma/web/ostatus/ostatus_controller.ex @@ -1,7 +1,7 @@ defmodule Pleroma.Web.OStatus.OStatusController do use Pleroma.Web, :controller - alias Pleroma.{User, Activity} + alias Pleroma.{User, Activity, Object} alias Pleroma.Web.OStatus.{FeedRepresenter, ActivityRepresenter} alias Pleroma.Repo alias Pleroma.Web.{OStatus, Federator} @@ -153,10 +153,21 @@ defmodule Pleroma.Web.OStatus.OStatusController do end end - defp represent_activity(conn, "activity+json", activity, user) do + defp represent_activity( + conn, + "activity+json", + %Activity{data: %{"type" => "Create"}} = activity, + user + ) do + object = Object.normalize(activity.data["object"]) + conn |> put_resp_header("content-type", "application/activity+json") - |> json(ObjectView.render("object.json", %{object: activity})) + |> json(ObjectView.render("object.json", %{object: object})) + end + + defp represent_activity(conn, "activity+json", _, _) do + {:error, :not_found} end defp represent_activity(conn, _, activity, user) do -- cgit v1.2.3 From f6be980f4faaef9408333fe59f0bb915dd087fd0 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sat, 17 Nov 2018 22:29:08 +0000 Subject: activitypub: object view: avoid leaking private details --- lib/pleroma/web/activity_pub/views/object_view.ex | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/activity_pub/views/object_view.ex b/lib/pleroma/web/activity_pub/views/object_view.ex index 1911ddfb7..ff664636c 100644 --- a/lib/pleroma/web/activity_pub/views/object_view.ex +++ b/lib/pleroma/web/activity_pub/views/object_view.ex @@ -10,7 +10,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectView do Map.merge(base, additional) end - def render("object.json", %{object: %Activity{} = activity}) do + def render("object.json", %{object: %Activity{data: %{"type" => "Create"}} = activity}) do base = Pleroma.Web.ActivityPub.Utils.make_json_ld_header() object = Object.normalize(activity.data["object"]) @@ -20,4 +20,15 @@ defmodule Pleroma.Web.ActivityPub.ObjectView do Map.merge(base, additional) end + + def render("object.json", %{object: %Activity{} = activity}) do + base = Pleroma.Web.ActivityPub.Utils.make_json_ld_header() + object = Object.normalize(activity.data["object"]) + + additional = + Transmogrifier.prepare_object(activity.data) + |> Map.put("object", object.data["id"]) + + Map.merge(base, additional) + end end -- cgit v1.2.3 From 62299be09466f83960052b68a140430ad1e30415 Mon Sep 17 00:00:00 2001 From: eal Date: Sun, 26 Aug 2018 21:17:13 +0300 Subject: Federator: add retry queue. --- lib/pleroma/application.ex | 5 ++- lib/pleroma/web/federator/federator.ex | 43 +++++++++--------- lib/pleroma/web/federator/retry_queue.ex | 76 ++++++++++++++++++++++++++++++++ lib/pleroma/web/websub/websub.ex | 25 +++++++++++ 4 files changed, 124 insertions(+), 25 deletions(-) create mode 100644 lib/pleroma/web/federator/retry_queue.ex (limited to 'lib') diff --git a/lib/pleroma/application.ex b/lib/pleroma/application.ex index eedad7675..707200737 100644 --- a/lib/pleroma/application.ex +++ b/lib/pleroma/application.ex @@ -57,8 +57,9 @@ defmodule Pleroma.Application do id: :cachex_idem ), worker(Pleroma.Web.Federator, []), - worker(Pleroma.Stats, []), - worker(Pleroma.Gopher.Server, []) + worker(Pleroma.Web.Federator.RetryQueue, []), + worker(Pleroma.Gopher.Server, []), + worker(Pleroma.Stats, []) ] ++ if Mix.env() == :test, do: [], diff --git a/lib/pleroma/web/federator/federator.ex b/lib/pleroma/web/federator/federator.ex index 6554fd2ef..eefc9b483 100644 --- a/lib/pleroma/web/federator/federator.ex +++ b/lib/pleroma/web/federator/federator.ex @@ -3,6 +3,7 @@ defmodule Pleroma.Web.Federator do alias Pleroma.User alias Pleroma.Activity alias Pleroma.Web.{WebFinger, Websub} + alias Pleroma.Web.Federator.RetryQueue alias Pleroma.Web.ActivityPub.ActivityPub alias Pleroma.Web.ActivityPub.Relay alias Pleroma.Web.ActivityPub.Transmogrifier @@ -122,29 +123,25 @@ defmodule Pleroma.Web.Federator do end def handle(:publish_single_ap, params) do - ActivityPub.publish_one(params) - end - - def handle(:publish_single_websub, %{xml: xml, topic: topic, callback: callback, secret: secret}) do - signature = @websub.sign(secret || "", xml) - Logger.debug(fn -> "Pushing #{topic} to #{callback}" end) - - with {:ok, %{status_code: code}} <- - @httpoison.post( - callback, - xml, - [ - {"Content-Type", "application/atom+xml"}, - {"X-Hub-Signature", "sha1=#{signature}"} - ], - timeout: 10000, - recv_timeout: 20000, - hackney: [pool: :default] - ) do - Logger.debug(fn -> "Pushed to #{callback}, code #{code}" end) - else - e -> - Logger.debug(fn -> "Couldn't push to #{callback}, #{inspect(e)}" end) + case ActivityPub.publish_one(params) do + {:ok, _} -> + :ok + + {:error, _} -> + RetryQueue.enqueue(params, :activitypub) + end + end + + def handle( + :publish_single_websub, + %{xml: xml, topic: topic, callback: callback, secret: secret} = params + ) do + case Websub.publish_one(params) do + {:ok, _} -> + :ok + + {:error, _} -> + RetryQueue.enqueue(params, :websub) end end diff --git a/lib/pleroma/web/federator/retry_queue.ex b/lib/pleroma/web/federator/retry_queue.ex new file mode 100644 index 000000000..1d38cd5a3 --- /dev/null +++ b/lib/pleroma/web/federator/retry_queue.ex @@ -0,0 +1,76 @@ +defmodule Pleroma.Web.Federator.RetryQueue do + use GenServer + alias Pleroma.Web.{WebFinger, Websub} + alias Pleroma.Web.ActivityPub.ActivityPub + require Logger + + @websub Application.get_env(:pleroma, :websub) + @ostatus Application.get_env(:pleroma, :websub) + @httpoison Application.get_env(:pleroma, :websub) + @instance Application.get_env(:pleroma, :websub) + # initial timeout, 5 min + @initial_timeout 30_000 + @max_retries 5 + + def init(args) do + {:ok, args} + end + + def start_link() do + GenServer.start_link(__MODULE__, %{}, name: __MODULE__) + end + + def enqueue(data, transport, retries \\ 0) do + GenServer.cast(__MODULE__, {:maybe_enqueue, data, transport, retries + 1}) + end + + def handle_cast({:maybe_enqueue, data, transport, retries}, state) do + if retries > @max_retries do + Logger.debug("Maximum retries reached on #{inspect(data)}") + {:noreply, state} + else + Process.send_after( + __MODULE__, + {:send, data, transport, retries}, + growth_function(retries) + ) + + {:noreply, state} + end + end + + def handle_info({:send, %{topic: topic} = data, :websub, retries}, state) do + Logger.debug("RetryQueue: Retrying to send object #{topic}") + + case Websub.publish_one(data) do + {:ok, _} -> + {:noreply, state} + + {:error, reason} -> + enqueue(data, :websub, retries) + {:noreply, state} + end + end + + def handle_info({:send, %{id: id} = data, :activitypub, retries}, state) do + Logger.debug("RetryQueue: Retrying to send object #{id}") + + case ActivityPub.publish_one(data) do + {:ok, _} -> + {:noreply, state} + + {:error, reason} -> + enqueue(data, :activitypub, retries) + {:noreply, state} + end + end + + def handle_info(unknown, state) do + Logger.debug("RetryQueue: don't know what to do with #{inspect(unknown)}, ignoring") + {:noreply, state} + end + + defp growth_function(retries) do + round(@initial_timeout * :math.pow(retries, 3)) + end +end diff --git a/lib/pleroma/web/websub/websub.ex b/lib/pleroma/web/websub/websub.ex index e494811f9..396dcf045 100644 --- a/lib/pleroma/web/websub/websub.ex +++ b/lib/pleroma/web/websub/websub.ex @@ -252,4 +252,29 @@ defmodule Pleroma.Web.Websub do Pleroma.Web.Federator.enqueue(:request_subscription, sub) end) end + + def publish_one(%{xml: xml, topic: topic, callback: callback, secret: secret}) do + signature = sign(secret || "", xml) + Logger.info(fn -> "Pushing #{topic} to #{callback}" end) + + with {:ok, %{status_code: code}} <- + @httpoison.post( + callback, + xml, + [ + {"Content-Type", "application/atom+xml"}, + {"X-Hub-Signature", "sha1=#{signature}"} + ], + timeout: 10000, + recv_timeout: 20000, + hackney: [pool: :default] + ) do + Logger.info(fn -> "Pushed to #{callback}, code #{code}" end) + {:ok, code} + else + e -> + Logger.debug(fn -> "Couldn't push to #{callback}, #{inspect(e)}" end) + {:error, e} + end + end end -- cgit v1.2.3 From bcecdc3ab194135d5bc17496b8091a6c17775c87 Mon Sep 17 00:00:00 2001 From: href Date: Fri, 16 Nov 2018 21:35:08 +0100 Subject: Various runtime configuration fixes --- lib/pleroma/application.ex | 3 ++- lib/pleroma/object.ex | 8 +++++--- lib/pleroma/web/channels/user_socket.ex | 7 +++---- lib/pleroma/web/endpoint.ex | 6 ++---- lib/pleroma/web/federator/federator.ex | 12 ++++++++---- lib/pleroma/web/ostatus/ostatus_controller.ex | 2 +- lib/pleroma/web/router.ex | 8 +++----- 7 files changed, 24 insertions(+), 22 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/application.ex b/lib/pleroma/application.ex index eedad7675..4c0e3ddb0 100644 --- a/lib/pleroma/application.ex +++ b/lib/pleroma/application.ex @@ -3,6 +3,7 @@ defmodule Pleroma.Application do # See http://elixir-lang.org/docs/stable/elixir/Application.html # for more information on OTP Applications + @env Mix.env() def start(_type, _args) do import Supervisor.Spec import Cachex.Spec @@ -60,7 +61,7 @@ defmodule Pleroma.Application do worker(Pleroma.Stats, []), worker(Pleroma.Gopher.Server, []) ] ++ - if Mix.env() == :test, + if @env == :test, do: [], else: [worker(Pleroma.Web.Streamer, [])] ++ diff --git a/lib/pleroma/object.ex b/lib/pleroma/object.ex index 067ecfaf4..03a75dfbd 100644 --- a/lib/pleroma/object.ex +++ b/lib/pleroma/object.ex @@ -31,10 +31,12 @@ defmodule Pleroma.Object do def normalize(ap_id) when is_binary(ap_id), do: Object.get_by_ap_id(ap_id) def normalize(_), do: nil - def get_cached_by_ap_id(ap_id) do - if Mix.env() == :test do + if Mix.env() == :test do + def get_cached_by_ap_id(ap_id) do get_by_ap_id(ap_id) - else + end + else + def get_cached_by_ap_id(ap_id) do key = "object:#{ap_id}" Cachex.fetch!(:object_cache, key, fn _ -> diff --git a/lib/pleroma/web/channels/user_socket.ex b/lib/pleroma/web/channels/user_socket.ex index 21b22b409..07ddee169 100644 --- a/lib/pleroma/web/channels/user_socket.ex +++ b/lib/pleroma/web/channels/user_socket.ex @@ -4,9 +4,7 @@ defmodule Pleroma.Web.UserSocket do ## Channels # channel "room:*", Pleroma.Web.RoomChannel - if Application.get_env(:pleroma, :chat) |> Keyword.get(:enabled) do - channel("chat:*", Pleroma.Web.ChatChannel) - end + channel("chat:*", Pleroma.Web.ChatChannel) ## Transports transport(:websocket, Phoenix.Transports.WebSocket) @@ -24,7 +22,8 @@ defmodule Pleroma.Web.UserSocket do # See `Phoenix.Token` documentation for examples in # performing token verification on connect. def connect(%{"token" => token}, socket) do - with {:ok, user_id} <- Phoenix.Token.verify(socket, "user socket", token, max_age: 84600), + with true <- Pleroma.Config.get([:chat, :enabled]), + {:ok, user_id} <- Phoenix.Token.verify(socket, "user socket", token, max_age: 84600), %User{} = user <- Pleroma.Repo.get(User, user_id) do {:ok, assign(socket, :user_name, user.nickname)} else diff --git a/lib/pleroma/web/endpoint.ex b/lib/pleroma/web/endpoint.ex index 85bb4ff5f..8728c908b 100644 --- a/lib/pleroma/web/endpoint.ex +++ b/lib/pleroma/web/endpoint.ex @@ -1,9 +1,7 @@ defmodule Pleroma.Web.Endpoint do use Phoenix.Endpoint, otp_app: :pleroma - if Application.get_env(:pleroma, :chat) |> Keyword.get(:enabled) do - socket("/socket", Pleroma.Web.UserSocket) - end + socket("/socket", Pleroma.Web.UserSocket) socket("/api/v1", Pleroma.Web.MastodonAPI.MastodonSocket) @@ -58,7 +56,7 @@ defmodule Pleroma.Web.Endpoint do Plug.Session, store: :cookie, key: cookie_name, - signing_salt: "CqaoopA2", + signing_salt: {Pleroma.Config, :get, [[__MODULE__, :signing_salt], "CqaoopA2"]}, http_only: true, secure: Application.get_env(:pleroma, Pleroma.Web.Endpoint) |> Keyword.get(:secure_cookie_flag), diff --git a/lib/pleroma/web/federator/federator.ex b/lib/pleroma/web/federator/federator.ex index 6554fd2ef..f047708d3 100644 --- a/lib/pleroma/web/federator/federator.ex +++ b/lib/pleroma/web/federator/federator.ex @@ -153,11 +153,15 @@ defmodule Pleroma.Web.Federator do {:error, "Don't know what to do with this"} end - def enqueue(type, payload, priority \\ 1) do - if Pleroma.Config.get([:instance, :federating]) do - if Mix.env() == :test do + if Mix.env() == :test do + def enqueue(type, payload, priority \\ 1) do + if Pleroma.Config.get([:instance, :federating]) do handle(type, payload) - else + end + end + else + def enqueue(type, payload, priority \\ 1) do + if Pleroma.Config.get([:instance, :federating]) do GenServer.cast(__MODULE__, {:enqueue, type, payload, priority}) end end diff --git a/lib/pleroma/web/ostatus/ostatus_controller.ex b/lib/pleroma/web/ostatus/ostatus_controller.ex index 34fdf9727..af6e22c2b 100644 --- a/lib/pleroma/web/ostatus/ostatus_controller.ex +++ b/lib/pleroma/web/ostatus/ostatus_controller.ex @@ -136,7 +136,7 @@ defmodule Pleroma.Web.OStatus.OStatusController do "html" -> conn |> put_resp_content_type("text/html") - |> send_file(200, "priv/static/index.html") + |> send_file(200, Application.app_dir(:pleroma, "priv/static/index.html")) _ -> represent_activity(conn, format, activity, user) diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 462369806..07f69fcd8 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -404,11 +404,9 @@ defmodule Fallback.RedirectController do use Pleroma.Web, :controller def redirector(conn, _params) do - if Mix.env() != :test do - conn - |> put_resp_content_type("text/html") - |> send_file(200, "priv/static/index.html") - end + conn + |> put_resp_content_type("text/html") + |> send_file(200, Application.app_dir(:pleroma, "priv/static/index.html")) end def registration_page(conn, params) do -- cgit v1.2.3 From 689b46efc87dd128fd7c26f0eaf8c514b8295b30 Mon Sep 17 00:00:00 2001 From: eal Date: Mon, 19 Nov 2018 18:08:41 +0200 Subject: RetryQueue: tiny refractor, add tests --- lib/pleroma/web/federator/federator.ex | 4 +-- lib/pleroma/web/federator/retry_queue.ex | 43 ++++++++++++++------------------ 2 files changed, 21 insertions(+), 26 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/federator/federator.ex b/lib/pleroma/web/federator/federator.ex index eefc9b483..000883cc2 100644 --- a/lib/pleroma/web/federator/federator.ex +++ b/lib/pleroma/web/federator/federator.ex @@ -128,7 +128,7 @@ defmodule Pleroma.Web.Federator do :ok {:error, _} -> - RetryQueue.enqueue(params, :activitypub) + RetryQueue.enqueue(params, ActivityPub) end end @@ -141,7 +141,7 @@ defmodule Pleroma.Web.Federator do :ok {:error, _} -> - RetryQueue.enqueue(params, :websub) + RetryQueue.enqueue(params, Websub) end end diff --git a/lib/pleroma/web/federator/retry_queue.ex b/lib/pleroma/web/federator/retry_queue.ex index 1d38cd5a3..06c094f26 100644 --- a/lib/pleroma/web/federator/retry_queue.ex +++ b/lib/pleroma/web/federator/retry_queue.ex @@ -17,50 +17,45 @@ defmodule Pleroma.Web.Federator.RetryQueue do end def start_link() do - GenServer.start_link(__MODULE__, %{}, name: __MODULE__) + GenServer.start_link(__MODULE__, %{delivered: 0, dropped: 0}, name: __MODULE__) end def enqueue(data, transport, retries \\ 0) do GenServer.cast(__MODULE__, {:maybe_enqueue, data, transport, retries + 1}) end - def handle_cast({:maybe_enqueue, data, transport, retries}, state) do + def get_retry_params(retries) do if retries > @max_retries do - Logger.debug("Maximum retries reached on #{inspect(data)}") - {:noreply, state} + {:drop, "Max retries reached"} else - Process.send_after( - __MODULE__, - {:send, data, transport, retries}, - growth_function(retries) - ) - - {:noreply, state} + {:retry, growth_function(retries)} end end - def handle_info({:send, %{topic: topic} = data, :websub, retries}, state) do - Logger.debug("RetryQueue: Retrying to send object #{topic}") + def handle_cast({:maybe_enqueue, data, transport, retries}, %{dropped: drop_count} = state) do + case get_retry_params(retries) do + {:retry, timeout} -> + Process.send_after( + __MODULE__, + {:send, data, transport, retries}, + growth_function(retries) + ) - case Websub.publish_one(data) do - {:ok, _} -> {:noreply, state} - {:error, reason} -> - enqueue(data, :websub, retries) - {:noreply, state} + {:drop, message} -> + Logger.debug(message) + {:noreply, %{state | dropped: drop_count + 1}} end end - def handle_info({:send, %{id: id} = data, :activitypub, retries}, state) do - Logger.debug("RetryQueue: Retrying to send object #{id}") - - case ActivityPub.publish_one(data) do + def handle_info({:send, data, transport, retries}, %{delivered: delivery_count} = state) do + case transport.publish_one(data) do {:ok, _} -> - {:noreply, state} + {:noreply, %{state | delivered: delivery_count + 1}} {:error, reason} -> - enqueue(data, :activitypub, retries) + enqueue(data, transport, retries) {:noreply, state} end end -- cgit v1.2.3 From 7f4c3a1e993a3827b58f9cb8049a8ee5f54a1bdf Mon Sep 17 00:00:00 2001 From: href Date: Tue, 20 Nov 2018 17:46:54 +0100 Subject: mediaproxy: fix empty url & add some tests --- lib/pleroma/web/media_proxy/media_proxy.ex | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/media_proxy/media_proxy.ex b/lib/pleroma/web/media_proxy/media_proxy.ex index 93c36b4ed..0fc0a07b2 100644 --- a/lib/pleroma/web/media_proxy/media_proxy.ex +++ b/lib/pleroma/web/media_proxy/media_proxy.ex @@ -3,6 +3,8 @@ defmodule Pleroma.Web.MediaProxy do def url(nil), do: nil + def url(""), do: nil + def url(url = "/" <> _), do: url def url(url) do @@ -15,10 +17,10 @@ defmodule Pleroma.Web.MediaProxy do base64 = Base.url_encode64(url, @base64_opts) sig = :crypto.hmac(:sha, secret, base64) sig64 = sig |> Base.url_encode64(@base64_opts) - filename = Path.basename(URI.parse(url).path) + filename = if path = URI.parse(url).path, do: "/" <> Path.basename(path), else: "" Keyword.get(config, :base_url, Pleroma.Web.base_url()) <> - "/proxy/#{sig64}/#{base64}/#{filename}" + "/proxy/#{sig64}/#{base64}#{filename}" end end -- cgit v1.2.3 From bc5cf2c1926225a43589abf330fe984ea439cb00 Mon Sep 17 00:00:00 2001 From: href Date: Tue, 20 Nov 2018 17:55:03 +0100 Subject: Improved version string --- lib/pleroma/application.ex | 6 ++++++ lib/pleroma/web/mastodon_api/mastodon_api_controller.ex | 2 +- lib/pleroma/web/nodeinfo/nodeinfo_controller.ex | 4 ++-- lib/pleroma/web/twitter_api/controllers/util_controller.ex | 2 +- 4 files changed, 10 insertions(+), 4 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/application.ex b/lib/pleroma/application.ex index eedad7675..50adf68df 100644 --- a/lib/pleroma/application.ex +++ b/lib/pleroma/application.ex @@ -1,6 +1,12 @@ defmodule Pleroma.Application do use Application + @name "Pleroma" + @version Mix.Project.config()[:version] + def name, do: @name + def version, do: @version + def named_version(), do: @name <> " " <> @version + # See http://elixir-lang.org/docs/stable/elixir/Application.html # for more information on OTP Applications def start(_type, _args) do diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index a0b74311b..aa7e9418e 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -141,7 +141,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do uri: Web.base_url(), title: Keyword.get(instance, :name), description: Keyword.get(instance, :description), - version: "#{@mastodon_api_level} (compatible; #{Keyword.get(instance, :version)})", + version: "#{@mastodon_api_level} (compatible; #{Pleroma.Application.named_version()})", email: Keyword.get(instance, :email), urls: %{ streaming_api: String.replace(Pleroma.Web.Endpoint.static_url(), "http", "ws") diff --git a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex index d58f08881..151db0bb7 100644 --- a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex +++ b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex @@ -86,8 +86,8 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do response = %{ version: "2.0", software: %{ - name: "pleroma", - version: Keyword.get(instance, :version) + name: Pleroma.Application.name(), + version: Pleroma.Application.version() }, protocols: ["ostatus", "activitypub"], services: %{ diff --git a/lib/pleroma/web/twitter_api/controllers/util_controller.ex b/lib/pleroma/web/twitter_api/controllers/util_controller.ex index dc4a864d6..b0ed8387e 100644 --- a/lib/pleroma/web/twitter_api/controllers/util_controller.ex +++ b/lib/pleroma/web/twitter_api/controllers/util_controller.ex @@ -197,7 +197,7 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do end def version(conn, _params) do - version = Pleroma.Config.get([:instance, :version]) + version = Pleroma.Application.named_version() case get_format(conn) do "xml" -> -- cgit v1.2.3 From 5346fabf142c19c8442b4421ad3f827ad050ec92 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Sat, 24 Nov 2018 06:13:36 +0100 Subject: Web.MastodonAPI.MastodonSocket: Add unauthentified websocket endpoints reported by soka on CRTNet --- lib/pleroma/web/mastodon_api/mastodon_socket.ex | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/mastodon_socket.ex b/lib/pleroma/web/mastodon_api/mastodon_socket.ex index 0f3d5ff7c..46ec5ecd2 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_socket.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_socket.ex @@ -45,6 +45,24 @@ defmodule Pleroma.Web.MastodonAPI.MastodonSocket do end end + def connect(%{"stream" => stream} = params, socket) + when stream in ["public", "public:local", "hashtag"] do + topic = + case stream do + "hashtag" -> "hashtag:#{params["tag"]}" + _ -> stream + end + + with socket = + socket + |> assign(:topic, topic) do + Pleroma.Web.Streamer.add_socket(topic, socket) + {:ok, socket} + else + _e -> :error + end + end + def id(_), do: nil def handle(:text, message, _state) do -- cgit v1.2.3 From d388a991433151eb8d4fd07ad732d2f166ac295b Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Sat, 24 Nov 2018 06:43:03 +0100 Subject: Web.MastodonAPI.MastodonSocket: Put access_token at function-level --- lib/pleroma/web/mastodon_api/mastodon_socket.ex | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/mastodon_socket.ex b/lib/pleroma/web/mastodon_api/mastodon_socket.ex index 46ec5ecd2..f3c13d1aa 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_socket.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_socket.ex @@ -11,9 +11,8 @@ defmodule Pleroma.Web.MastodonAPI.MastodonSocket do timeout: :infinity ) - def connect(params, socket) do - with token when not is_nil(token) <- params["access_token"], - %Token{user_id: user_id} <- Repo.get_by(Token, token: token), + def connect(%{"access_token" => token} = params, socket) do + with %Token{user_id: user_id} <- Repo.get_by(Token, token: token), %User{} = user <- Repo.get(User, user_id), stream when stream in [ -- cgit v1.2.3 From ca029f0b693891fbe21dc58fb379c2319cf05f17 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Sat, 24 Nov 2018 08:45:45 +0100 Subject: Web.Streamer: Get unauthenticated statuses representation --- lib/pleroma/web/streamer.ex | 41 +++++++++++++++++++++++++++++++---------- 1 file changed, 31 insertions(+), 10 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/streamer.ex b/lib/pleroma/web/streamer.ex index 6b6d40346..5cab62c85 100644 --- a/lib/pleroma/web/streamer.ex +++ b/lib/pleroma/web/streamer.ex @@ -169,16 +169,33 @@ defmodule Pleroma.Web.Streamer do |> Jason.encode!() end + defp represent_update(%Activity{} = activity) do + %{ + event: "update", + payload: + Pleroma.Web.MastodonAPI.StatusView.render( + "status.json", + activity: activity + ) + |> Jason.encode!() + } + |> Jason.encode!() + end + def push_to_socket(topics, topic, %Activity{data: %{"type" => "Announce"}} = item) do Enum.each(topics[topic] || [], fn socket -> # Get the current user so we have up-to-date blocks etc. - user = User.get_cached_by_ap_id(socket.assigns[:user].ap_id) - blocks = user.info["blocks"] || [] + if socket.assigns[:user] do + user = User.get_cached_by_ap_id(socket.assigns[:user].ap_id) + blocks = user.info["blocks"] || [] - parent = Object.normalize(item.data["object"]) + parent = Object.normalize(item.data["object"]) - unless is_nil(parent) or item.actor in blocks or parent.data["actor"] in blocks do - send(socket.transport_pid, {:text, represent_update(item, user)}) + unless is_nil(parent) or item.actor in blocks or parent.data["actor"] in blocks do + send(socket.transport_pid, {:text, represent_update(item, user)}) + end + else + send(socket.transport_pid, {:text, represent_update(item)}) end end) end @@ -186,11 +203,15 @@ defmodule Pleroma.Web.Streamer do def push_to_socket(topics, topic, item) do Enum.each(topics[topic] || [], fn socket -> # Get the current user so we have up-to-date blocks etc. - user = User.get_cached_by_ap_id(socket.assigns[:user].ap_id) - blocks = user.info["blocks"] || [] - - unless item.actor in blocks do - send(socket.transport_pid, {:text, represent_update(item, user)}) + if socket.assigns[:user] do + user = User.get_cached_by_ap_id(socket.assigns[:user].ap_id) + blocks = user.info["blocks"] || [] + + unless item.actor in blocks do + send(socket.transport_pid, {:text, represent_update(item, user)}) + end + else + send(socket.transport_pid, {:text, represent_update(item)}) end end) end -- cgit v1.2.3 From 591b11eafcc49a7812390a03d29596b4a96ad5f8 Mon Sep 17 00:00:00 2001 From: shibayashi Date: Mon, 26 Nov 2018 20:48:24 +0100 Subject: Add manifest-src to allow manifest.json --- lib/pleroma/plugs/http_security_plug.ex | 1 + 1 file changed, 1 insertion(+) (limited to 'lib') diff --git a/lib/pleroma/plugs/http_security_plug.ex b/lib/pleroma/plugs/http_security_plug.ex index 31c7332f8..84d6506e3 100644 --- a/lib/pleroma/plugs/http_security_plug.ex +++ b/lib/pleroma/plugs/http_security_plug.ex @@ -39,6 +39,7 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do "font-src 'self'", "script-src 'self'", "connect-src 'self' " <> String.replace(Pleroma.Web.Endpoint.static_url(), "http", "ws"), + "manifest-src 'self'", "upgrade-insecure-requests" ] |> Enum.join("; ") -- cgit v1.2.3 From 04daa0fa4473075c873aa733e4e2876c557b0444 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Mon, 26 Nov 2018 21:40:29 +0100 Subject: Plugs.HTTPSecurityPlug: Activate upgrade-insecure-requests only when there is https This fixes running mastofe with MIX_ENV=dev --- lib/pleroma/plugs/http_security_plug.ex | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/plugs/http_security_plug.ex b/lib/pleroma/plugs/http_security_plug.ex index 84d6506e3..4c32653ea 100644 --- a/lib/pleroma/plugs/http_security_plug.ex +++ b/lib/pleroma/plugs/http_security_plug.ex @@ -29,6 +29,8 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do end defp csp_string do + protocol = Config.get([Pleroma.Web.Endpoint, :protocol]) + [ "default-src 'none'", "base-uri 'self'", @@ -40,7 +42,9 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do "script-src 'self'", "connect-src 'self' " <> String.replace(Pleroma.Web.Endpoint.static_url(), "http", "ws"), "manifest-src 'self'", - "upgrade-insecure-requests" + if @protocol == "https" do + "upgrade-insecure-requests" + end ] |> Enum.join("; ") end -- cgit v1.2.3 From 6cc94404d77f3afd0a6eefc36d5f4f5d1afbfa64 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Mon, 26 Nov 2018 22:51:25 +0000 Subject: Replace this hardcoded --- lib/pleroma/web/templates/layout/app.html.eex | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/templates/layout/app.html.eex b/lib/pleroma/web/templates/layout/app.html.eex index 2a8dede80..2e96c1509 100644 --- a/lib/pleroma/web/templates/layout/app.html.eex +++ b/lib/pleroma/web/templates/layout/app.html.eex @@ -2,7 +2,9 @@ <html> <head> <meta charset=utf-8 /> - <title>Pleroma + + <%= Application.get_env(:pleroma, :instance)[:name] %> +