Commit graph

6564 commits

Author SHA1 Message Date
FloatingGhost
336d06b2a8 Significantly tighten HTTP CSP 2023-01-02 15:21:19 +00:00
FloatingGhost
57e51fe62c Migrate Pleroma.Web to phoenix 1.6 formats 2023-01-02 03:29:02 +00:00
FloatingGhost
6e646c4cbc Use a genserver to periodically fetch metrics
Ref https://github.com/beam-telemetry/telemetry_metrics_prometheus_core/issues/52
2023-01-01 18:32:14 +00:00
FloatingGhost
c4b46ca460 Add /api/v1/followed_tags 2022-12-31 18:09:34 +00:00
ilja
745e15468e Use same context for quote posts as the post that's being quoted (#379)
See https://akkoma.dev/AkkomaGang/akkoma/pulls/350#issuecomment-6109

When making quotes through Mast-API, they will now have the same context as the quoted post. This also results in them being showed when fetching the thread. I checked Misskey to see how it's there, and they show the quotes there as well, see e.g. <https://mk.toast.cafe/notes/98u1g0tulg>.

An example from Akkoma:

Co-authored-by: ilja <git@ilja.space>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/379
Reviewed-by: floatingghost <hannah@coffee-and-dreams.uk>
Co-authored-by: ilja <akkoma.dev@ilja.space>
Co-committed-by: ilja <akkoma.dev@ilja.space>
2022-12-31 18:09:27 +00:00
FloatingGhost
b8f280b4b5 Rich media doesn't need to be a map 2022-12-31 03:53:52 +00:00
FloatingGhost
bf7ff6a337 Put rich media processing in a Task 2022-12-30 20:11:53 +00:00
FloatingGhost
5d4c291d52 update references to pleroma in docs 2022-12-30 03:43:35 +00:00
floatingghost
9be6caf125 argon2 password hashing (#406)
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/406
2022-12-30 02:46:58 +00:00
floatingghost
a5e98083f2 Add link verification in profile fields (#405)
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/405
2022-12-29 20:56:06 +00:00
Atsuko Karagi
4a78c431cf Simplified HTTP signature processing 2022-12-19 20:41:48 +00:00
Atsuko Karagi
e17c71a389 Respect restrict_unauthenticated in /api/v1/accounts/lookup 2022-12-19 20:32:16 +00:00
floatingghost
233c4bb3ba revert 28ab09d377
revert Remove unused dependencies
2022-12-19 02:34:46 +00:00
FloatingGhost
28ab09d377 Remove unused dependencies 2022-12-19 02:26:04 +00:00
FloatingGhost
3d546409b2 remove now-unused test 2022-12-17 23:21:24 +00:00
FloatingGhost
52d8183787 drop admin scopes on create app instead of rejecting 2022-12-17 23:14:49 +00:00
FloatingGhost
b91e671c0d add remote user count for the heck of it 2022-12-16 17:22:26 +00:00
FloatingGhost
1f5bc4d68a remove unused variable 2022-12-16 12:36:34 +00:00
FloatingGhost
9a320ba814 make 2fa UI less awful 2022-12-16 11:50:25 +00:00
FloatingGhost
48d302a60f allow disabling prometheus entirely 2022-12-16 11:17:04 +00:00
FloatingGhost
d1a0d93bf7 document prometheus 2022-12-16 10:24:36 +00:00
FloatingGhost
c2054f82ab allow users with admin:metrics to read app metrics 2022-12-16 03:32:51 +00:00
FloatingGhost
b8be8192fb do not allow non-admins to register tokens with admin scopes
this didn't actually _do_ anything in the past,
the users would be prevented from accessing the resource,
but they shouldn't be able to even create them
2022-12-16 03:25:14 +00:00
FloatingGhost
e2320f870e Add prometheus metrics to router 2022-12-15 02:02:07 +00:00
Tim Buchwaldt
29584197bb Measure stats-data 2022-12-15 01:04:56 +00:00
Tim Buchwaldt
63be819661 Take tesla telemetry 2022-12-15 01:04:56 +00:00
Tim Buchwaldt
0995fa1410 Track oban failures 2022-12-15 01:04:56 +00:00
Tim Buchwaldt
f8d3383179 Fix oban tags 2022-12-15 01:04:56 +00:00
Tim Buchwaldt
a06bb694c1 Listen to loopback 2022-12-15 01:04:56 +00:00
Tim Buchwaldt
1e9c2cd8ef Fix buckets for query timing 2022-12-15 01:04:56 +00:00
Tim Buchwaldt
33243c56e5 Start adding telemetry 2022-12-15 01:04:55 +00:00
floatingghost
07a48b9293 giant massive dep upgrade and dialyxir-found error emporium (#371)
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/371
2022-12-14 12:38:48 +00:00
duponin
3e9c0b380a
Return 413 when an actor's banner or background exceeds the size limit 2022-12-12 17:28:14 -05:00
duponin
c9304962c3
Uploading an avatar media exceeding max size returns a 413
Until now it was returning a 500 because the upload plug were going
through the changeset and ending in the JSON encoder, which raised
because struct has to @derive the encoder.
2022-12-12 17:28:09 -05:00
FloatingGhost
9d9c26b833 Ensure Gun is Gone 2022-12-11 19:26:21 +00:00
FloatingGhost
68894089e8 Do not fetch anything from blocked instances 2022-12-10 00:09:45 +00:00
FloatingGhost
a1515f9a60 Add some extra info around possible nils 2022-12-09 23:45:51 +00:00
FloatingGhost
739ed14f54 Revert "mandate published on notes"
This reverts commit e49b583147.
2022-12-09 20:59:26 +00:00
FloatingGhost
e49b583147 mandate published on notes
fixes #356
2022-12-09 20:27:54 +00:00
FloatingGhost
f5a315f04c Add URL and code to :not_found errors
Ref #355
2022-12-09 20:13:31 +00:00
FloatingGhost
dcf58a3c53 Do not pass transient undo-y activities through MRF 2022-12-09 20:01:38 +00:00
FloatingGhost
9db4c2429f Remove FollowBotPolicy 2022-12-09 19:59:27 +00:00
FloatingGhost
6f83ae27aa extend reject MRF to check if originating instance is blocked 2022-12-09 19:57:29 +00:00
FloatingGhost
d5828f1c5e Merge remote-tracking branch 'ilja/fix_tagpolicy_to_also_work_on_updates' into develop 2022-12-09 10:31:22 +00:00
FloatingGhost
0eaec57d3f mix format 2022-12-09 10:24:38 +00:00
ilja
1f863f0a36 Fix MRF policies to also work with Update
Objects who got updated would just pass through several of the MRF policies, undoing moderation in some situations.
In the relevant cases we now check not only for Create activities, but also Update activities.

I checked which ones checked explicitly on type Create using `grep '"type" => "Create"' lib/pleroma/web/activity_pub/mrf/*`.

The following from that list have not been changed:
* lib/pleroma/web/activity_pub/mrf/follow_bot_policy.ex
    * Not relevant for moderation
* lib/pleroma/web/activity_pub/mrf/keyword_policy.ex
    * Already had a test for Update
* lib/pleroma/web/activity_pub/mrf/object_age_policy.ex
    * In practice only relevant when fetching old objects (e.g. through Like or Announce). These are always wrapped in a Create.
* lib/pleroma/web/activity_pub/mrf/reject_non_public.ex
    * We don't allow changing scope with Update, so not relevant here
2022-12-08 23:22:05 +01:00
ilja
ce517ff4e5 Fix tagpolicy to also work with Update
Objects who got updated would just pass the TagPolicy, undoing the moderation that was set in place for the Actor.
Now we check not only for Create activities, but also Update activities.
2022-12-08 21:53:42 +01:00
FloatingGhost
cb3ccf5f47 Add check for null reply_to_user 2022-12-07 13:41:12 +00:00
FloatingGhost
1afba64464 Redirect to standard FE if logged in 2022-12-07 13:35:00 +00:00
FloatingGhost
c7369d6d03 GOOGLE 2022-12-07 11:41:24 +00:00