Tusooa Zhu
3fd87b6a75
Skip cache when /objects or /activities is authenticated
...
Ref: fix-local-public
2022-06-29 20:47:27 +01:00
Tusooa Zhu
932e5df19e
Allow to skip cache in Cache plug
...
Ref: fix-local-public
2022-06-29 20:47:26 +01:00
Tusooa Zhu
07bd35227a
Support multiple locales from userLanguage cookie
2022-06-29 20:47:10 +01:00
Tusooa Zhu
fa95bc8725
Support multiple locales formally
...
elixir gettext current does not fully support fallback to another language [0].
But it might in the future. We adapt it so that all languages in Accept-Language
headers are received by Pleroma.Web.Gettext. User.languages is now a comma-separated
list.
[0]: https://github.com/elixir-gettext/gettext/issues/303
2022-06-29 20:47:10 +01:00
Tusooa Zhu
ef73f61b07
Fallback to a variant if the language in general is not supported
...
For an example, here, zh is not supported, but zh_Hans and zh_Hant
are. If the user asks for zh, we should choose a variant for them
instead of fallbacking to default.
Some browsers (e.g. Firefox) does not allow users to customize
their language codes. For example, there is no zh-Hans, but only
zh, zh-CN, zh-TW, zh-HK, etc. This provides a workaround for
those users suffering from bad design decisions.
2022-06-29 20:47:10 +01:00
Tusooa Zhu
72bdb0640f
Allow user to register with custom language
2022-06-29 20:46:51 +01:00
Tusooa Zhu
7726148472
Send emails i18n'd using backend-stored user language
2022-06-29 20:45:19 +01:00
Tusooa Zhu
8f08c902a5
Make lint happy
2022-06-29 20:44:16 +01:00
Tusooa Zhu
775f997c40
Prefer userLanguage cookie over Accept-Language header in detecting locale
...
https://git.pleroma.social/pleroma/pleroma-meta/-/issues/60
2022-06-29 20:43:41 +01:00
FloatingGhost
502382da45
cherry-pick security from upstream
2022-06-22 16:25:05 +01:00
Alex Gleason
138f5a4517
EnsureStaffPrivilegedPlug: don't let non-moderators through
2021-12-27 17:18:26 -06:00
Alibek Omarov
f02715c4b2
Fix lint errors
2021-12-27 03:42:03 +03:00
Alibek Omarov
cd1041c3a4
API: optionally restrict moderators from accessing sensitive data
2021-12-27 02:27:48 +03:00
Alex Gleason
44ede0657f
Merge remote-tracking branch 'pleroma/develop' into staff-plug
2021-08-04 11:48:57 -05:00
Alex Gleason
9bc1e79c56
Moderators: add UserIsStaffPlug
2021-07-12 21:57:52 -05:00
Alex Gleason
595bca24ad
Merge remote-tracking branch 'pleroma/develop' into cycles-frontend-static
2021-05-30 12:12:58 -05:00
Alex Gleason
721c966842
FrontendStatic: make Router a runtime dep
...
Speeds up recompilation by removing compile-time cycles
2021-05-30 12:12:16 -05:00
Alex Gleason
39127f15eb
Merge remote-tracking branch 'pleroma/develop' into cycles-router-api-routes
2021-05-28 13:51:21 -05:00
Alex Gleason
c23b81e399
Pleroma.Web.get_api_routes/0 --> Pleroma.Web.Router.get_api_routes/0
...
Reduce recompilation time by breaking compile-time cycles
2021-05-28 13:51:01 -05:00
Sean King
2b4f958b2a
Add opting out of Google FLoC to HTTPSecurityPlug headers
2021-04-18 14:00:18 -06:00
Mark Felder
1552179792
Improved recursion through the api route list
2021-02-25 10:07:29 -06:00
Mark Felder
cea31df6a6
Attempt to filter out API calls from FrontendStatic plug
2021-02-24 15:27:53 -06:00
rinpatch
2ab9499258
OAuthScopesPlug: remove transform_scopes in favor of explicit admin scope definitions
...
Transforming scopes is no longer necessary since we are dropping
support for accessing admin api without `admin:` prefix in scopes.
2021-02-17 21:37:23 +03:00
Ivan Tashkinov
df89b5019b
[ #2510 ] Improved support for app-bound OAuth tokens. Auth-related refactoring.
2021-02-11 15:02:50 +03:00
Egor Kislitsyn
793fc77b16
Add active user count
2021-01-27 18:20:06 +04:00
eugenijm
7fcaa188a0
Allow to define custom HTTP headers per each frontend
2021-01-21 21:55:23 +03:00
eugenijm
133644dfa2
Ability to set the Service-Worker-Allowed header
2021-01-21 21:55:11 +03:00
Lain Soykaf
39f3683a06
Pbkdf2: Use it everywhere.
2021-01-14 15:06:16 +01:00
lain
9106048c61
Password: Replace Pbkdf2 with Password.
2021-01-13 15:11:11 +01:00
Haelwenn (lanodan) Monnier
c4439c630f
Bump Copyright to 2021
...
grep -rl '# Copyright © .* Pleroma' * | xargs sed -i 's;Copyright © .* Pleroma .*;Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/ >;'
2021-01-13 07:49:50 +01:00
Mark Felder
86dcfb4eb9
More places we should be using Upload.base_url
2021-01-08 17:32:42 -06:00
Mark Felder
d69c78ceb9
Remove configurability of upload proxy opts, simplify
2021-01-05 15:06:00 -06:00
lain
713612c377
Cachex: Make caching provider switchable at runtime.
...
Defaults to Cachex.
2020-12-18 17:44:46 +01:00
Ivan Tashkinov
e9859b68fc
[ #3112 ] Ensured presence and consistency of :user and :token assigns (EnsureUserTokenAssignsPlug). Refactored auth info dropping functions.
2020-12-06 13:59:10 +03:00
Ivan Tashkinov
50e47a215f
Merge remote-tracking branch 'remotes/origin/develop' into auth-improvements
2020-11-28 21:51:27 +03:00
Alexander Strizhakov
6aadb1cb40
digest algorithm is taken from header
2020-11-27 08:10:52 +03:00
Ivan Tashkinov
12a5981cc3
Session token setting on token exchange. Auth-related refactoring.
2020-11-25 21:47:23 +03:00
Ivan Tashkinov
ccc2cf0e87
Session-based OAuth auth fixes (token expiration check), refactoring, tweaks.
2020-11-21 19:47:25 +03:00
Ivan Tashkinov
04f6b48ac1
Auth subsystem refactoring and tweaks.
...
Added proper OAuth skipping for SessionAuthenticationPlug. Integrated LegacyAuthenticationPlug into AuthenticationPlug. Adjusted tests & docs.
2020-10-31 13:38:35 +03:00
Maksim Pechnikov
d28f72a55a
FrontStatic plug: excluded invalid url
2020-10-27 22:59:27 +03:00
Alexander Strizhakov
b081080dd9
fixes after rebase
2020-10-13 16:44:02 +03:00
Alexander Strizhakov
1d0e130cb3
fixes after rebase
2020-10-13 16:44:02 +03:00
Alexander Strizhakov
9f4fe5485b
alias alphabetically order
2020-10-13 16:43:59 +03:00
Alexander Strizhakov
3ef4e9d170
AdminSecretAuthenticationPlug module name
2020-10-13 16:43:58 +03:00
Alexander Strizhakov
c497558d43
AuthenticationPlug module name
2020-10-13 16:43:58 +03:00
Alexander Strizhakov
c1777e7479
BasicAuthDecoderPlug module name
2020-10-13 16:43:58 +03:00
Alexander Strizhakov
970932689f
DigestPlug rename
2020-10-13 16:43:57 +03:00
Alexander Strizhakov
66e0b0065b
Cache plug module name
2020-10-13 16:43:57 +03:00
Alexander Strizhakov
c6baa811d6
EnsureAuthenticatedPlug module name
2020-10-13 16:43:57 +03:00
Alexander Strizhakov
011525a3d1
EnsurePublicOrAuthenticatedPlug module name
2020-10-13 16:43:57 +03:00
Alexander Strizhakov
8e301a4c37
EnsureUserKeyPlug module name
2020-10-13 16:43:56 +03:00
Alexander Strizhakov
d6cb1a3b46
ExpectAuthenticatedCheckPlug module name
2020-10-13 16:43:56 +03:00
Alexander Strizhakov
99e4ed21b1
ExpectPublicOrAuthenticatedCheckPlug module name
2020-10-13 16:43:56 +03:00
Alexander Strizhakov
8c993c5f63
FederatingPlug module name
2020-10-13 16:43:55 +03:00
Alexander Strizhakov
abc3c7689b
HTTPSecurityPlug module name and filename
2020-10-13 16:43:55 +03:00
Alexander Strizhakov
5cd7030076
IdempotencyPlug module name
2020-10-13 16:43:55 +03:00
Alexander Strizhakov
8dfaa54ffc
InstanceStatic module name
2020-10-13 16:43:55 +03:00
Alexander Strizhakov
e2332d92ce
LegacyAuthenticationPlug module name
2020-10-13 16:43:54 +03:00
Alexander Strizhakov
96d320bdfe
OAuthPlug module name
2020-10-13 16:43:54 +03:00
Alexander Strizhakov
a6d8cef33e
OAuthScopesPlug module name
2020-10-13 16:43:54 +03:00
Alexander Strizhakov
15772fda57
PlugHelper module name
2020-10-13 16:43:53 +03:00
Alexander Strizhakov
4b1863ca4e
RateLimiter module name
2020-10-13 16:43:53 +03:00
Alexander Strizhakov
3be8ab5103
RemoteIp module name
2020-10-13 16:43:50 +03:00
Alexander Strizhakov
4b4c0eef36
SessionAuthenticationPlug module name
2020-10-13 16:42:53 +03:00
Alexander Strizhakov
8249b75761
SetFormatPlug module name
2020-10-13 16:42:53 +03:00
Alexander Strizhakov
c97c7d982f
SetLocalePlug module name
2020-10-13 16:42:52 +03:00
Alexander Strizhakov
f7614d4718
SetUserSessionIdPlug module name
2020-10-13 16:42:52 +03:00
Alexander Strizhakov
d36c9e210a
StaticFEPlug module name
2020-10-13 16:42:52 +03:00
Alexander Strizhakov
a07688deb1
TrailingFormatPlug module name
2020-10-13 16:42:51 +03:00
Alexander Strizhakov
a5987155f7
UploadedMedia module name
2020-10-13 16:42:51 +03:00
Alexander Strizhakov
ebd6dd7c53
UserEnabledPlug module name
2020-10-13 16:42:51 +03:00
Alexander Strizhakov
61c609884c
UserFetcherPlug module name
2020-10-13 16:42:51 +03:00
Alexander Strizhakov
1d16cd0c3d
UserIsAdminPlug module name
2020-10-13 16:42:50 +03:00
Alexander Strizhakov
e267991a44
renaming LimiterSupervisor
2020-10-13 16:42:48 +03:00
Alexander Strizhakov
6a87f94ee2
renaming ratelimiter supervisor
2020-10-13 16:38:48 +03:00
Alexander Strizhakov
2501793f81
moving plugs into web dir
2020-10-13 16:38:19 +03:00