FloatingGhost
ec5db753b9
Prevent elixir compiler from yeeting our modules
2023-08-05 14:03:21 +01:00
mae
d868348fac
Completely disable xml entity resolution
2023-08-05 12:32:05 +00:00
FloatingGhost
31d7cc9a9c
Allow Pleroma.HTTP to connect to raw-HTTP without freaking mint out
2023-08-04 23:51:15 +01:00
FloatingGhost
8670d89316
Remove duplicated path
...
Fixes #604
2023-08-04 22:39:11 +01:00
FloatingGhost
b4399574ca
Merge remote-tracking branch 'norm/config-permissions' into develop
2023-08-04 22:31:11 +01:00
Mae
1f54bea564
Prevent XML parser from loading external entities
2023-08-04 22:24:17 +01:00
Haelwenn (lanodan) Monnier
ae03513934
Config: Restrict permissions of OTP config file
...
Original: 8cc8100120
2023-08-04 14:13:36 -04:00
FloatingGhost
0b2ec0ccee
Enable AnonymizeFilenames on all uploads
2023-08-04 15:37:15 +01:00
FloatingGhost
723bd123a0
Correct ordering for block/mutes
2023-08-04 15:18:07 +01:00
FloatingGhost
1dc8cc731c
Merge branch 'elixir1.15' into develop
2023-08-04 15:16:14 +01:00
FloatingGhost
64e233ca20
Tag Mock
-tests as "mocked" and run them seperately
2023-08-04 12:50:50 +01:00
FloatingGhost
2946bf4011
mix format
2023-08-04 12:04:24 +01:00
FloatingGhost
fe8c166b8f
Remove IO.inspects
2023-08-04 12:01:52 +01:00
Mark Felder
7e45343f81
Resolve information disclosure vulnerability through emoji pack archive download endpoint
2023-08-04 11:34:19 +01:00
FloatingGhost
98cb255d12
Support elixir1.15
...
OTP builds to 1.15
Changelog entry
Ensure policies are fully loaded
Fix :warn
use main branch for linkify
Fix warn in tests
Migrations for phoenix 1.17
Revert "Migrations for phoenix 1.17"
This reverts commit 6a3b2f15b7
.
Oban upgrade
Add default empty whitelist
mix format
limit test to amd64
OTP 26 tests for 1.15
use OTP_VERSION tag
baka
just 1.15
Massive deps update
Update locale, deps
Mix format
shell????
multiline???
?
max cases 1
use assert_recieve
don't put_env in async tests
don't async conn/fs tests
mix format
FIx some uploader issues
Fix tests
2023-08-03 17:44:09 +01:00
FloatingGhost
babb4b9a8f
Merge branch 'metadata_webfinger' into develop
2023-08-02 12:05:43 +01:00
FloatingGhost
27cbfb8985
Send a NIL body rather than an empty one with GET/HEAD
2023-08-01 11:26:05 +01:00
Walter Huf
7ff9c356f4
Merge remote-tracking branch 'upstream/develop' into metadata_webfinger
2023-07-27 07:43:17 -07:00
Weblate
eba3cce77b
Update translation files
...
Updated by "Squash Git commits" hook in Weblate.
Translation: Pleroma fe/Akkoma Backend (Config Descriptions)
Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-config-descriptions/
2023-07-27 13:14:05 +00:00
FloatingGhost
fa23098093
Merge branch 'develop' into arm
2023-07-27 14:01:11 +01:00
floatingghost
6db8ab7c94
Merge pull request 'Varied selection of Pleroma cherry-picks' ( #567 ) from XxXCertifiedForkliftDriverXxX/akkoma:cherry-picks into develop
...
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/567
2023-07-27 12:53:56 +00:00
FloatingGhost
34601065c3
Mix format
2023-07-20 17:34:05 +01:00
FloatingGhost
33e7ae7637
Allow nil attachments
2023-07-17 20:03:31 +01:00
FloatingGhost
900b9b0124
Merge branch 'develop' into active-emoji-reactions
2023-07-17 19:45:43 +01:00
FloatingGhost
c63ae73bc0
Add embed controller tests
2023-07-17 19:18:21 +01:00
FloatingGhost
16d2bfef80
Ensure embeds will not be served if unauthenticated users could not see it
2023-07-17 18:24:53 +01:00
FloatingGhost
c8904f15a2
Correct behaviour of mediaproxy blocklist
2023-07-17 18:17:04 +01:00
FloatingGhost
8fe29bf5d2
Exclude deactivated users from emoji reaction lists
2023-07-17 17:53:03 +01:00
floatingghost
210df6fe92
Merge pull request 'Fix the /embed endpoint' ( #540 ) from mikihau/akkoma:develop into develop
...
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/540
2023-07-15 20:48:30 +00:00
Mark Felder
5144d6f4ba
Add OnlyMedia Upload Filter to simplify restricting uploads to audio, image, and video types
...
Original: https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3897
2023-06-28 01:56:14 +01:00
floatingghost
3e4a279a1b
Merge pull request 'Implement blocklists for MediaProxy' ( #574 ) from XxXCertifiedForkliftDriverXxX/akkoma:feature/mediaproxy-blocklist into develop
...
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/574
2023-06-28 00:54:25 +00:00
XxXCertifiedForkliftDriverXxX
767e1272b3
Use OS CA store for Mint HTTP connections
2023-06-26 15:50:49 +02:00
XxXCertifiedForkliftDriverXxX
07b478dc49
Implement blocklists for MediaProxy
2023-06-26 15:18:31 +02:00
tusooa
c0a01e73cf
Enforce unauth restrictions for public streaming endpoints
2023-06-14 22:45:19 +00:00
tusooa
fee6e2aac4
Fix deleting banned users' statuses
2023-06-14 22:45:19 +00:00
Haelwenn (lanodan) Monnier
8669a0abcb
UploadedMedia: Increase readability via ~s sigil
2023-06-14 22:45:19 +00:00
Haelwenn (lanodan) Monnier
37b0d774fa
UploadedMedia: Add missing disposition_type to Content-Disposition
...
Set it to `inline` because the vast majority of what's sent is multimedia
content while `attachment` would have the side-effect of triggering a
download dialog.
Closes: https://git.pleroma.social/pleroma/pleroma/-/issues/3114
2023-06-14 22:45:19 +00:00
tusooa
3095251e6c
Dedupe poll options
2023-06-14 22:45:19 +00:00
tusooa
79a18f761b
Allow with_relationships param for blocks
2023-06-14 22:45:19 +00:00
kPherox
8fb235e71b
fix: append field values to bio before parsing
2023-06-14 19:44:07 +00:00
kPherox
d6271e7613
feat: build rel me tags with profile fields
2023-06-14 19:44:07 +00:00
Alexander Tumin
5adce547d0
Require related object for notifications to filter on content
2023-06-14 19:41:48 +00:00
tusooa
05e80d1879
Fix block_from_stranger setting
2023-06-14 19:41:44 +00:00
tusooa
1268dbc562
Fix type of admin_account.is_confirmed
2023-06-14 19:38:22 +00:00
tusooa
651979217a
Fix failure when registering a user with no email when approval required
2023-06-14 19:33:58 +00:00
Mark Felder
997551bac9
Fix TwitterCard meta tags
...
TwitterCard meta tags are supposed to use the attributes "name" and "content".
OpenGraph tags use the attributes "property" and "content".
Twitter itself is smart enough to detect broken meta tags and discover the TwitterCard
using "property" and "content", but other platforms that only implement parsing of TwitterCards
and not OpenGraph may fail to correctly detect the tags as they're under the wrong attributes.
> "Open Graph protocol also specifies the use of property and content attributes for markup while
> Twitter cards use name and content. Twitter’s parser will fall back to using property and content,
> so there is no need to modify existing Open Graph protocol markup if it already exists." [0]
[0] https://developer.twitter.com/en/docs/twitter-for-websites/cards/guides/getting-started
2023-06-14 19:30:19 +00:00
Tusooa Zhu
7b9cc9a9b0
Exclude Announce instead of restricting to Create in visibility_tags
2023-06-14 17:20:55 +00:00
Tusooa Zhu
fd38756e92
Do not stream out Announces to public timelines
2023-06-14 17:20:55 +00:00
Tusooa Zhu
5ef7c15d92
Make local-only posts stream in local timeline
2023-06-14 17:18:26 +00:00
Hélène
3227ebf1e1
CommonFixes: more predictable context generation
...
`context` fields for objects and activities can now be generated based
on the object/activity `inReplyTo` field or its ActivityPub ID, as a
fallback method in cases where `context` fields are missing for incoming
activities and objects.
2023-06-14 16:22:26 +00:00
Miki Hau
593ddbd796
fix the /embed endpoint
2023-05-31 23:42:08 +00:00
XxXCertifiedForkliftDriverXxX
1b560d547a
Stop exposing if a user blocks you over the API.
2023-05-28 23:42:27 +02:00
Haelwenn (lanodan) Monnier
70b0f93865
Apply oembed patch
2023-05-26 20:45:57 +01:00
FloatingGhost
a388d2503e
revert uploaded-media
2023-05-26 12:06:41 +01:00
FloatingGhost
7fb9960ccd
Add CSP to mediaproxy links
2023-05-26 11:46:18 +01:00
FloatingGhost
9d83a1e23f
Add csp
2023-05-26 11:41:22 +01:00
FloatingGhost
8c208f751d
Fix filtering out incorrect addresses
2023-05-23 13:46:25 +01:00
FloatingGhost
037f881187
Fix create processing in direct message disabled
2023-05-23 13:16:20 +01:00
FloatingGhost
ab34680554
switch to using an enum system for DM acceptance
2023-05-23 10:29:08 +01:00
FloatingGhost
d310f99d6a
Add MRFs for direct message manipulation
2023-05-22 23:53:44 +01:00
floatingghost
f72d773cc3
Merge pull request 'Make UserNote comment default to the empty string.' ( #530 ) from provable_ascent/akkoma:provable_ascent-patch-1 into develop
...
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/530
2023-05-22 21:33:01 +00:00
midnight
f1e66b39c7
Return empty string in the event of no detected language
2023-05-08 18:52:19 -04:00
provable_ascent
d8bed0ff63
Make UserNote comment default to the empty string.
...
This make the behavior consistent between when UserNote doesn't exist and when comment is null.
The current behavior may return null in APIs, which misleads some clients doing feature detection into thinking the server does not support comments.
For example, see https://codeberg.org/husky/husky/issues/92
2023-04-27 05:22:12 +00:00
FloatingGhost
b86b3a9e29
Support public key URIs that incomprehensibly have GET args
...
Fixes #528
2023-04-25 13:30:20 +01:00
FloatingGhost
f2b4e7f86b
Merge branch 'develop' of akkoma.dev:AkkomaGang/akkoma into develop
2023-04-14 17:56:56 +01:00
FloatingGhost
522221f7fb
Mix format
2023-04-14 17:56:34 +01:00
Atsuko Karagi
1fa3c0b485
Remove support for outdated Create format
2023-04-14 17:46:22 +01:00
Atsuko Karagi
d2b0d86471
HTTP signatures respect allowlist federation
2023-04-14 17:46:06 +01:00
FloatingGhost
f12d3cce39
ensure only pickable frontends can be returned
2023-04-14 17:42:40 +01:00
floatingghost
8c86a06ed1
Merge pull request 'Remove "default" image description' ( #493 ) from ilja/akkoma:remove_default_image_description into develop
...
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/493
2023-04-14 16:27:41 +00:00
FloatingGhost
4c9c959bb3
Merge branch 'develop' into frontend-switcher-9000
2023-04-14 16:56:10 +01:00
FloatingGhost
9e8e7cc13e
Add note telling people to refresh
2023-04-14 16:55:48 +01:00
FloatingGhost
a079ec3a3c
in dev, allow dev FE
2023-04-14 16:36:40 +01:00
FloatingGhost
1b2c24a19e
fix tests
2023-04-14 15:20:55 +01:00
FloatingGhost
66d162bb9e
Add debug logs to timeline rendering to assist debugging
2023-03-29 12:01:16 +01:00
FloatingGhost
d85d1e128a
we don't actually need the object on redirect
2023-03-29 11:44:03 +01:00
sadposter
3f340cbc43
Only even attempt to fetch local activities by object_id
...
TODO: PLEASE FOR THE LOVE OF KANATAN CACHE THIS
2023-03-29 03:32:24 +01:00
FloatingGhost
de64c6c54a
add selection UI
2023-03-28 12:44:52 +01:00
floatingghost
281c4636fa
Merge pull request 'Show bubble_timeline in the api if any instances are set in it' ( #502 ) from foxing/akkoma:foxing-patch-1 into develop
...
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/502
2023-03-21 10:13:41 +00:00
FloatingGhost
dd44387f1a
Add timeline visibility options
2023-03-17 15:33:28 +00:00
FloatingGhost
fe7045632b
also put publicVisibility in preloaded nodeinfo
2023-03-15 22:59:58 +00:00
FloatingGhost
9464d50562
Add publicTimelineVisibility to nodeinfo
2023-03-15 22:13:18 +00:00
foxing
bd040fe96a
Merge branch 'develop' into foxing-patch-1
2023-03-13 03:41:15 +00:00
foxing
ba635e97c8
Use enum empty instead
2023-03-13 03:40:20 +00:00
floatingghost
377d1483b6
Merge pull request 'Apply security patch from pleroma to prevent nested file names being uploaded to the server.' ( #507 ) from foxing/akkoma:foxing-patch-2 into develop
...
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/507
2023-03-13 00:29:51 +00:00
FloatingGhost
643b8c5f15
ensure we send the right files for preferred fe
2023-03-12 23:59:10 +00:00
FloatingGhost
3d964a9970
Add frontend preference route
2023-03-12 23:24:07 +00:00
foxing
c2ae3273d5
Merge branch 'develop' into foxing-patch-2
2023-03-12 19:23:22 +00:00
foxing
3f76de76da
Apply Patch
2023-03-12 19:13:56 +00:00
flisk
0c77be9308
don't crash on malformed avatar and banner values
...
weird values in href will cause base64 encoding to fail later down the
line, so let's make sure the value we're passing on is somewhat sane, or
at the very least a binary
this fixes #482
2023-03-12 18:14:05 +01:00
ilja
6c396fcab4
Remove "default" image description
...
When no image description is filled in, Pleroma allowed fallbacks.
Those were (based on a setting) either the filename, or a fixed description.
Neither are good options for image descriptions imo, so here we remove this.
Note that there's two tests removed who supposedly tested something else.
But examining closer, they didn't seem to test what they claimed to test,
so I removed them rather than try to "fix" them.
2023-03-12 08:42:33 +01:00
foxing
e17d8f744e
Merge branch 'develop' into foxing-patch-1
2023-03-11 19:09:14 +00:00
FloatingGhost
70803d7966
Remove mix.env reference
2023-03-11 18:24:44 +00:00
FloatingGhost
5ca22c2459
ensure we can't have a null in appends
2023-03-11 17:24:49 +00:00
foxing
19eb826424
Show bubble_timeline in the api if any instances are set in it, do not show if none are set
2023-03-11 03:26:48 +00:00
FloatingGhost
9977588612
we should probably use ||
2023-03-10 18:49:08 +00:00
floatingghost
e124a109c1
Remove _misskey_reaction matching ( #500 )
...
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/500
2023-03-10 18:46:49 +00:00
FloatingGhost
08dfce98be
Merge branch 'develop' of akkoma.dev:AkkomaGang/akkoma into develop
2023-03-10 03:51:45 +00:00
FloatingGhost
b2112302ce
Add more information about failed verifications
2023-03-10 03:51:24 +00:00
foxing
964a855319
Display Quote posts in the api features list to allow external clients to enable compatibility with it. ( #496 )
...
Expose quote posting in the api as a feature.
Copies what the quote post PR for pleroma does to allow external clients to enable and disable features based on the feature-set of the instance.
As far as I am aware, akkoma doesn't allow you to disable quote posting, so this doesn't need anything fancy and it's just a hard on switch.
I tried to get one for the bubble tl to work also, but I'm not quite sure how to do it so that it switches off the feature when the bubble tl is disabled. I would argue that it could and ideally should be done as well though.
I also discovered a pretty tame bug in the testing of it, that deleting the DB entry for the bubble tl does not stop the bubble TL from actually working and it will continue to display the panel on the about page, I'll just leave it as a note here.
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/496
Co-authored-by: foxing <foxing@noreply.akkoma>
Co-committed-by: foxing <foxing@noreply.akkoma>
2023-03-09 20:40:28 +00:00