Merge branch 'release/2.0.3' into 'stable'
Release/2.0.3 See merge request pleroma/secteam/pleroma!3
This commit is contained in:
commit
019a192e43
32
CHANGELOG.md
32
CHANGELOG.md
@ -3,6 +3,38 @@ All notable changes to this project will be documented in this file.
|
||||
|
||||
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
|
||||
|
||||
## [2.0.3] - 2020-05-02
|
||||
|
||||
### Security
|
||||
- Disallow re-registration of previously deleted users, which allowed viewing direct messages addressed to them
|
||||
- Mastodon API: Fix `POST /api/v1/follow_requests/:id/authorize` allowing to force a follow from a local user even if they didn't request to follow
|
||||
- CSP: Sandbox uploads
|
||||
|
||||
### Fixed
|
||||
- Notifications from blocked domains
|
||||
- Potential federation issues with Mastodon versions before 3.0.0
|
||||
- HTTP Basic Authentication permissions issue
|
||||
- Follow/Block imports not being able to find the user if the nickname started with an `@`
|
||||
- Instance stats counting internal users
|
||||
- Inability to run a From Source release without git
|
||||
- ObjectAgePolicy didn't filter out old messages
|
||||
- `blob:` urls not being allowed by CSP
|
||||
|
||||
### Added
|
||||
- NodeInfo: ObjectAgePolicy settings to the `federation` list.
|
||||
- Follow request notifications
|
||||
<details>
|
||||
<summary>API Changes</summary>
|
||||
- Admin API: `GET /api/pleroma/admin/need_reboot`.
|
||||
</details>
|
||||
|
||||
### Upgrade notes
|
||||
|
||||
1. Restart Pleroma
|
||||
2. Run database migrations (inside Pleroma directory):
|
||||
- OTP: `./bin/pleroma_ctl migrate`
|
||||
- From Source: `mix ecto.migrate`
|
||||
|
||||
## [2.0.2] - 2020-04-08
|
||||
### Added
|
||||
- Support for Funkwhale's `Audio` activity
|
||||
|
@ -773,6 +773,8 @@ Note: Available `:permission_group` is currently moderator and admin. 404 is ret
|
||||
|
||||
### Restarts pleroma application
|
||||
|
||||
**Only works when configuration from database is enabled.**
|
||||
|
||||
- Params: none
|
||||
- Response:
|
||||
- On failure:
|
||||
@ -782,11 +784,24 @@ Note: Available `:permission_group` is currently moderator and admin. 404 is ret
|
||||
{}
|
||||
```
|
||||
|
||||
## `GET /api/pleroma/admin/need_reboot`
|
||||
|
||||
### Returns the flag whether the pleroma should be restarted
|
||||
|
||||
- Params: none
|
||||
- Response:
|
||||
- `need_reboot` - boolean
|
||||
```json
|
||||
{
|
||||
"need_reboot": false
|
||||
}
|
||||
```
|
||||
|
||||
## `GET /api/pleroma/admin/config`
|
||||
|
||||
### Get list of merged default settings with saved in database.
|
||||
|
||||
*If `need_reboot` flag exists in response, instance must be restarted, so reboot time settings can take effect.*
|
||||
*If `need_reboot` is `true`, instance must be restarted, so reboot time settings can take effect.*
|
||||
|
||||
**Only works when configuration from database is enabled.**
|
||||
|
||||
@ -808,13 +823,12 @@ Note: Available `:permission_group` is currently moderator and admin. 404 is ret
|
||||
"need_reboot": true
|
||||
}
|
||||
```
|
||||
need_reboot - *optional*, if were changed reboot time settings.
|
||||
|
||||
## `POST /api/pleroma/admin/config`
|
||||
|
||||
### Update config settings
|
||||
|
||||
*If `need_reboot` flag exists in response, instance must be restarted, so reboot time settings can take effect.*
|
||||
*If `need_reboot` is `true`, instance must be restarted, so reboot time settings can take effect.*
|
||||
|
||||
**Only works when configuration from database is enabled.**
|
||||
|
||||
@ -956,7 +970,6 @@ config :quack,
|
||||
"need_reboot": true
|
||||
}
|
||||
```
|
||||
need_reboot - *optional*, if were changed reboot time settings.
|
||||
|
||||
## ` GET /api/pleroma/admin/config/descriptions`
|
||||
|
||||
|
@ -36,7 +36,7 @@ content-security-policy:
|
||||
default-src 'none';
|
||||
base-uri 'self';
|
||||
frame-ancestors 'none';
|
||||
img-src 'self' data: https:;
|
||||
img-src 'self' data: blob: https:;
|
||||
media-src 'self' https:;
|
||||
style-src 'self' 'unsafe-inline';
|
||||
font-src 'self';
|
||||
|
@ -27,17 +27,13 @@ defmodule Pleroma.Activity do
|
||||
# https://github.com/tootsuite/mastodon/blob/master/app/models/notification.rb#L19
|
||||
@mastodon_notification_types %{
|
||||
"Create" => "mention",
|
||||
"Follow" => "follow",
|
||||
"Follow" => ["follow", "follow_request"],
|
||||
"Announce" => "reblog",
|
||||
"Like" => "favourite",
|
||||
"Move" => "move",
|
||||
"EmojiReact" => "pleroma:emoji_reaction"
|
||||
}
|
||||
|
||||
@mastodon_to_ap_notification_types for {k, v} <- @mastodon_notification_types,
|
||||
into: %{},
|
||||
do: {v, k}
|
||||
|
||||
schema "activities" do
|
||||
field(:data, :map)
|
||||
field(:local, :boolean, default: true)
|
||||
@ -291,15 +287,43 @@ defp purge_web_resp_cache(%Activity{} = activity) do
|
||||
|
||||
defp purge_web_resp_cache(nil), do: nil
|
||||
|
||||
for {ap_type, type} <- @mastodon_notification_types do
|
||||
def follow_accepted?(
|
||||
%Activity{data: %{"type" => "Follow", "object" => followed_ap_id}} = activity
|
||||
) do
|
||||
with %User{} = follower <- Activity.user_actor(activity),
|
||||
%User{} = followed <- User.get_cached_by_ap_id(followed_ap_id) do
|
||||
Pleroma.FollowingRelationship.following?(follower, followed)
|
||||
else
|
||||
_ -> false
|
||||
end
|
||||
end
|
||||
|
||||
def follow_accepted?(_), do: false
|
||||
|
||||
@spec mastodon_notification_type(Activity.t()) :: String.t() | nil
|
||||
|
||||
for {ap_type, type} <- @mastodon_notification_types, not is_list(type) do
|
||||
def mastodon_notification_type(%Activity{data: %{"type" => unquote(ap_type)}}),
|
||||
do: unquote(type)
|
||||
end
|
||||
|
||||
def mastodon_notification_type(%Activity{data: %{"type" => "Follow"}} = activity) do
|
||||
if follow_accepted?(activity) do
|
||||
"follow"
|
||||
else
|
||||
"follow_request"
|
||||
end
|
||||
end
|
||||
|
||||
def mastodon_notification_type(%Activity{}), do: nil
|
||||
|
||||
@spec from_mastodon_notification_type(String.t()) :: String.t() | nil
|
||||
@doc "Converts Mastodon notification type to AR activity type"
|
||||
def from_mastodon_notification_type(type) do
|
||||
Map.get(@mastodon_to_ap_notification_types, type)
|
||||
with {k, _v} <-
|
||||
Enum.find(@mastodon_notification_types, fn {_k, v} -> type in List.wrap(v) end) do
|
||||
k
|
||||
end
|
||||
end
|
||||
|
||||
def all_by_actor_and_id(actor, status_ids \\ [])
|
||||
|
@ -4,10 +4,16 @@
|
||||
|
||||
import EctoEnum
|
||||
|
||||
defenum(UserRelationshipTypeEnum,
|
||||
defenum(Pleroma.UserRelationship.Type,
|
||||
block: 1,
|
||||
mute: 2,
|
||||
reblog_mute: 3,
|
||||
notification_mute: 4,
|
||||
inverse_subscription: 5
|
||||
)
|
||||
|
||||
defenum(Pleroma.FollowingRelationship.State,
|
||||
follow_pending: 1,
|
||||
follow_accept: 2,
|
||||
follow_reject: 3
|
||||
)
|
||||
|
@ -8,12 +8,13 @@ defmodule Pleroma.FollowingRelationship do
|
||||
import Ecto.Changeset
|
||||
import Ecto.Query
|
||||
|
||||
alias Ecto.Changeset
|
||||
alias FlakeId.Ecto.CompatType
|
||||
alias Pleroma.Repo
|
||||
alias Pleroma.User
|
||||
|
||||
schema "following_relationships" do
|
||||
field(:state, :string, default: "accept")
|
||||
field(:state, Pleroma.FollowingRelationship.State, default: :follow_pending)
|
||||
|
||||
belongs_to(:follower, User, type: CompatType)
|
||||
belongs_to(:following, User, type: CompatType)
|
||||
@ -27,6 +28,18 @@ def changeset(%__MODULE__{} = following_relationship, attrs) do
|
||||
|> put_assoc(:follower, attrs.follower)
|
||||
|> put_assoc(:following, attrs.following)
|
||||
|> validate_required([:state, :follower, :following])
|
||||
|> unique_constraint(:follower_id,
|
||||
name: :following_relationships_follower_id_following_id_index
|
||||
)
|
||||
|> validate_not_self_relationship()
|
||||
end
|
||||
|
||||
def state_to_enum(state) when state in ["pending", "accept", "reject"] do
|
||||
String.to_existing_atom("follow_#{state}")
|
||||
end
|
||||
|
||||
def state_to_enum(state) do
|
||||
raise "State is not convertible to Pleroma.FollowingRelationship.State: #{state}"
|
||||
end
|
||||
|
||||
def get(%User{} = follower, %User{} = following) do
|
||||
@ -35,7 +48,7 @@ def get(%User{} = follower, %User{} = following) do
|
||||
|> Repo.one()
|
||||
end
|
||||
|
||||
def update(follower, following, "reject"), do: unfollow(follower, following)
|
||||
def update(follower, following, :follow_reject), do: unfollow(follower, following)
|
||||
|
||||
def update(%User{} = follower, %User{} = following, state) do
|
||||
case get(follower, following) do
|
||||
@ -50,7 +63,7 @@ def update(%User{} = follower, %User{} = following, state) do
|
||||
end
|
||||
end
|
||||
|
||||
def follow(%User{} = follower, %User{} = following, state \\ "accept") do
|
||||
def follow(%User{} = follower, %User{} = following, state \\ :follow_accept) do
|
||||
%__MODULE__{}
|
||||
|> changeset(%{follower: follower, following: following, state: state})
|
||||
|> Repo.insert(on_conflict: :nothing)
|
||||
@ -80,7 +93,7 @@ def following_count(%User{} = user) do
|
||||
def get_follow_requests(%User{id: id}) do
|
||||
__MODULE__
|
||||
|> join(:inner, [r], f in assoc(r, :follower))
|
||||
|> where([r], r.state == "pending")
|
||||
|> where([r], r.state == ^:follow_pending)
|
||||
|> where([r], r.following_id == ^id)
|
||||
|> select([r, f], f)
|
||||
|> Repo.all()
|
||||
@ -88,7 +101,7 @@ def get_follow_requests(%User{id: id}) do
|
||||
|
||||
def following?(%User{id: follower_id}, %User{id: followed_id}) do
|
||||
__MODULE__
|
||||
|> where(follower_id: ^follower_id, following_id: ^followed_id, state: "accept")
|
||||
|> where(follower_id: ^follower_id, following_id: ^followed_id, state: ^:follow_accept)
|
||||
|> Repo.exists?()
|
||||
end
|
||||
|
||||
@ -97,7 +110,7 @@ def following(%User{} = user) do
|
||||
__MODULE__
|
||||
|> join(:inner, [r], u in User, on: r.following_id == u.id)
|
||||
|> where([r], r.follower_id == ^user.id)
|
||||
|> where([r], r.state == "accept")
|
||||
|> where([r], r.state == ^:follow_accept)
|
||||
|> select([r, u], u.follower_address)
|
||||
|> Repo.all()
|
||||
|
||||
@ -129,4 +142,58 @@ def move_following(origin, target) do
|
||||
move_following(origin, target)
|
||||
end
|
||||
end
|
||||
|
||||
def all_between_user_sets(
|
||||
source_users,
|
||||
target_users
|
||||
)
|
||||
when is_list(source_users) and is_list(target_users) do
|
||||
source_user_ids = User.binary_id(source_users)
|
||||
target_user_ids = User.binary_id(target_users)
|
||||
|
||||
__MODULE__
|
||||
|> where(
|
||||
fragment(
|
||||
"(follower_id = ANY(?) AND following_id = ANY(?)) OR \
|
||||
(follower_id = ANY(?) AND following_id = ANY(?))",
|
||||
^source_user_ids,
|
||||
^target_user_ids,
|
||||
^target_user_ids,
|
||||
^source_user_ids
|
||||
)
|
||||
)
|
||||
|> Repo.all()
|
||||
end
|
||||
|
||||
def find(following_relationships, follower, following) do
|
||||
Enum.find(following_relationships, fn
|
||||
fr -> fr.follower_id == follower.id and fr.following_id == following.id
|
||||
end)
|
||||
end
|
||||
|
||||
defp validate_not_self_relationship(%Changeset{} = changeset) do
|
||||
changeset
|
||||
|> validate_follower_id_following_id_inequality()
|
||||
|> validate_following_id_follower_id_inequality()
|
||||
end
|
||||
|
||||
defp validate_follower_id_following_id_inequality(%Changeset{} = changeset) do
|
||||
validate_change(changeset, :follower_id, fn _, follower_id ->
|
||||
if follower_id == get_field(changeset, :following_id) do
|
||||
[source_id: "can't be equal to following_id"]
|
||||
else
|
||||
[]
|
||||
end
|
||||
end)
|
||||
end
|
||||
|
||||
defp validate_following_id_follower_id_inequality(%Changeset{} = changeset) do
|
||||
validate_change(changeset, :following_id, fn _, following_id ->
|
||||
if following_id == get_field(changeset, :follower_id) do
|
||||
[target_id: "can't be equal to follower_id"]
|
||||
else
|
||||
[]
|
||||
end
|
||||
end)
|
||||
end
|
||||
end
|
||||
|
@ -271,6 +271,16 @@ def destroy_multiple(%{id: user_id} = _user, ids) do
|
||||
|> Repo.delete_all()
|
||||
end
|
||||
|
||||
def dismiss(%Pleroma.Activity{} = activity) do
|
||||
Notification
|
||||
|> where([n], n.activity_id == ^activity.id)
|
||||
|> Repo.delete_all()
|
||||
|> case do
|
||||
{_, notifications} -> {:ok, notifications}
|
||||
_ -> {:error, "Cannot dismiss notification"}
|
||||
end
|
||||
end
|
||||
|
||||
def dismiss(%{id: user_id} = _user, id) do
|
||||
notification = Repo.get(Notification, id)
|
||||
|
||||
@ -294,7 +304,7 @@ def create_notifications(%Activity{data: %{"to" => _, "type" => "Create"}} = act
|
||||
end
|
||||
|
||||
def create_notifications(%Activity{data: %{"type" => type}} = activity)
|
||||
when type in ["Like", "Announce", "Follow", "Move", "EmojiReact"] do
|
||||
when type in ["Follow", "Like", "Announce", "Move", "EmojiReact"] do
|
||||
do_create_notifications(activity)
|
||||
end
|
||||
|
||||
|
17
lib/pleroma/plugs/auth_expected_plug.ex
Normal file
17
lib/pleroma/plugs/auth_expected_plug.ex
Normal file
@ -0,0 +1,17 @@
|
||||
# Pleroma: A lightweight social networking server
|
||||
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
|
||||
# SPDX-License-Identifier: AGPL-3.0-only
|
||||
|
||||
defmodule Pleroma.Plugs.AuthExpectedPlug do
|
||||
import Plug.Conn
|
||||
|
||||
def init(options), do: options
|
||||
|
||||
def call(conn, _) do
|
||||
put_private(conn, :auth_expected, true)
|
||||
end
|
||||
|
||||
def auth_expected?(conn) do
|
||||
conn.private[:auth_expected]
|
||||
end
|
||||
end
|
@ -4,8 +4,11 @@
|
||||
|
||||
defmodule Pleroma.Plugs.AuthenticationPlug do
|
||||
alias Comeonin.Pbkdf2
|
||||
import Plug.Conn
|
||||
alias Pleroma.Plugs.OAuthScopesPlug
|
||||
alias Pleroma.User
|
||||
|
||||
import Plug.Conn
|
||||
|
||||
require Logger
|
||||
|
||||
def init(options), do: options
|
||||
@ -37,6 +40,7 @@ def call(
|
||||
if Pbkdf2.checkpw(password, password_hash) do
|
||||
conn
|
||||
|> assign(:user, auth_user)
|
||||
|> OAuthScopesPlug.skip_plug()
|
||||
else
|
||||
conn
|
||||
end
|
||||
|
@ -75,7 +75,7 @@ defp csp_string do
|
||||
"default-src 'none'",
|
||||
"base-uri 'self'",
|
||||
"frame-ancestors 'none'",
|
||||
"img-src 'self' data: https:",
|
||||
"img-src 'self' data: blob: https:",
|
||||
"media-src 'self' https:",
|
||||
"style-src 'self' 'unsafe-inline'",
|
||||
"font-src 'self'",
|
||||
|
@ -4,6 +4,8 @@
|
||||
|
||||
defmodule Pleroma.Plugs.LegacyAuthenticationPlug do
|
||||
import Plug.Conn
|
||||
|
||||
alias Pleroma.Plugs.OAuthScopesPlug
|
||||
alias Pleroma.User
|
||||
|
||||
def init(options) do
|
||||
@ -27,6 +29,7 @@ def call(
|
||||
conn
|
||||
|> assign(:auth_user, user)
|
||||
|> assign(:user, user)
|
||||
|> OAuthScopesPlug.skip_plug()
|
||||
else
|
||||
_ ->
|
||||
conn
|
||||
|
@ -13,8 +13,9 @@ defmodule Pleroma.Web.Plugs.MappedSignatureToIdentityPlug do
|
||||
def init(options), do: options
|
||||
|
||||
defp key_id_from_conn(conn) do
|
||||
with %{"keyId" => key_id} <- HTTPSignatures.signature_for_conn(conn) do
|
||||
Signature.key_id_to_actor_id(key_id)
|
||||
with %{"keyId" => key_id} <- HTTPSignatures.signature_for_conn(conn),
|
||||
{:ok, ap_id} <- Signature.key_id_to_actor_id(key_id) do
|
||||
ap_id
|
||||
else
|
||||
_ ->
|
||||
nil
|
||||
|
@ -8,12 +8,15 @@ defmodule Pleroma.Plugs.OAuthScopesPlug do
|
||||
|
||||
alias Pleroma.Config
|
||||
alias Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug
|
||||
alias Pleroma.Plugs.PlugHelper
|
||||
|
||||
use Pleroma.Web, :plug
|
||||
|
||||
@behaviour Plug
|
||||
|
||||
def init(%{scopes: _} = options), do: options
|
||||
|
||||
def call(%Plug.Conn{assigns: assigns} = conn, %{scopes: scopes} = options) do
|
||||
def perform(%Plug.Conn{assigns: assigns} = conn, %{scopes: scopes} = options) do
|
||||
op = options[:op] || :|
|
||||
token = assigns[:token]
|
||||
|
||||
|
40
lib/pleroma/plugs/plug_helper.ex
Normal file
40
lib/pleroma/plugs/plug_helper.ex
Normal file
@ -0,0 +1,40 @@
|
||||
# Pleroma: A lightweight social networking server
|
||||
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
|
||||
# SPDX-License-Identifier: AGPL-3.0-only
|
||||
|
||||
defmodule Pleroma.Plugs.PlugHelper do
|
||||
@moduledoc "Pleroma Plug helper"
|
||||
|
||||
@called_plugs_list_id :called_plugs
|
||||
def called_plugs_list_id, do: @called_plugs_list_id
|
||||
|
||||
@skipped_plugs_list_id :skipped_plugs
|
||||
def skipped_plugs_list_id, do: @skipped_plugs_list_id
|
||||
|
||||
@doc "Returns `true` if specified plug was called."
|
||||
def plug_called?(conn, plug_module) do
|
||||
contained_in_private_list?(conn, @called_plugs_list_id, plug_module)
|
||||
end
|
||||
|
||||
@doc "Returns `true` if specified plug was explicitly marked as skipped."
|
||||
def plug_skipped?(conn, plug_module) do
|
||||
contained_in_private_list?(conn, @skipped_plugs_list_id, plug_module)
|
||||
end
|
||||
|
||||
@doc "Returns `true` if specified plug was either called or explicitly marked as skipped."
|
||||
def plug_called_or_skipped?(conn, plug_module) do
|
||||
plug_called?(conn, plug_module) || plug_skipped?(conn, plug_module)
|
||||
end
|
||||
|
||||
# Appends plug to known list (skipped, called). Intended to be used from within plug code only.
|
||||
def append_to_private_list(conn, list_id, value) do
|
||||
list = conn.private[list_id] || []
|
||||
modified_list = Enum.uniq(list ++ [value])
|
||||
Plug.Conn.put_private(conn, list_id, modified_list)
|
||||
end
|
||||
|
||||
defp contained_in_private_list?(conn, private_variable, value) do
|
||||
list = conn.private[private_variable] || []
|
||||
value in list
|
||||
end
|
||||
end
|
@ -41,6 +41,7 @@ def call(%{request_path: <<"/", @path, "/", file::binary>>} = conn, opts) do
|
||||
conn ->
|
||||
conn
|
||||
end
|
||||
|> merge_resp_headers([{"content-security-policy", "sandbox"}])
|
||||
|
||||
config = Pleroma.Config.get(Pleroma.Upload)
|
||||
|
||||
|
@ -21,12 +21,21 @@ def key_id_to_actor_id(key_id) do
|
||||
uri
|
||||
end
|
||||
|
||||
URI.to_string(uri)
|
||||
case uri do
|
||||
%URI{scheme: scheme} when scheme in ["https", "http"] ->
|
||||
{:ok, URI.to_string(uri)}
|
||||
|
||||
_ ->
|
||||
case Pleroma.Web.WebFinger.finger(URI.to_string(uri)) do
|
||||
%{"ap_id" => ap_id} -> {:ok, ap_id}
|
||||
_ -> {:error, URI.to_string(uri)}
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
def fetch_public_key(conn) do
|
||||
with %{"keyId" => kid} <- HTTPSignatures.signature_for_conn(conn),
|
||||
actor_id <- key_id_to_actor_id(kid),
|
||||
{:ok, actor_id} <- key_id_to_actor_id(kid),
|
||||
{:ok, public_key} <- User.get_public_key_for_ap_id(actor_id) do
|
||||
{:ok, public_key}
|
||||
else
|
||||
@ -37,7 +46,7 @@ def fetch_public_key(conn) do
|
||||
|
||||
def refetch_public_key(conn) do
|
||||
with %{"keyId" => kid} <- HTTPSignatures.signature_for_conn(conn),
|
||||
actor_id <- key_id_to_actor_id(kid),
|
||||
{:ok, actor_id} <- key_id_to_actor_id(kid),
|
||||
{:ok, _user} <- ActivityPub.make_user_from_ap_id(actor_id),
|
||||
{:ok, public_key} <- User.get_public_key_for_ap_id(actor_id) do
|
||||
{:ok, public_key}
|
||||
|
@ -45,11 +45,11 @@ def get_peers do
|
||||
end
|
||||
|
||||
def init(_args) do
|
||||
{:ok, get_stat_data()}
|
||||
{:ok, calculate_stat_data()}
|
||||
end
|
||||
|
||||
def handle_call(:force_update, _from, _state) do
|
||||
new_stats = get_stat_data()
|
||||
new_stats = calculate_stat_data()
|
||||
{:reply, new_stats, new_stats}
|
||||
end
|
||||
|
||||
@ -58,12 +58,12 @@ def handle_call(:get_state, _from, state) do
|
||||
end
|
||||
|
||||
def handle_cast(:run_update, _state) do
|
||||
new_stats = get_stat_data()
|
||||
new_stats = calculate_stat_data()
|
||||
|
||||
{:noreply, new_stats}
|
||||
end
|
||||
|
||||
defp get_stat_data do
|
||||
def calculate_stat_data do
|
||||
peers =
|
||||
from(
|
||||
u in User,
|
||||
@ -77,7 +77,15 @@ defp get_stat_data do
|
||||
|
||||
status_count = Repo.aggregate(User.Query.build(%{local: true}), :sum, :note_count)
|
||||
|
||||
user_count = Repo.aggregate(User.Query.build(%{local: true, active: true}), :count, :id)
|
||||
users_query =
|
||||
from(u in User,
|
||||
where: u.deactivated != true,
|
||||
where: u.local == true,
|
||||
where: not is_nil(u.nickname),
|
||||
where: not u.invisible
|
||||
)
|
||||
|
||||
user_count = Repo.aggregate(users_query, :count, :id)
|
||||
|
||||
%{
|
||||
peers: peers,
|
||||
|
31
lib/pleroma/tests/oauth_test_controller.ex
Normal file
31
lib/pleroma/tests/oauth_test_controller.ex
Normal file
@ -0,0 +1,31 @@
|
||||
# Pleroma: A lightweight social networking server
|
||||
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
|
||||
# SPDX-License-Identifier: AGPL-3.0-only
|
||||
|
||||
# A test controller reachable only in :test env.
|
||||
# Serves to test OAuth scopes check skipping / enforcement.
|
||||
defmodule Pleroma.Tests.OAuthTestController do
|
||||
@moduledoc false
|
||||
|
||||
use Pleroma.Web, :controller
|
||||
|
||||
alias Pleroma.Plugs.OAuthScopesPlug
|
||||
|
||||
plug(:skip_plug, OAuthScopesPlug when action == :skipped_oauth)
|
||||
|
||||
plug(OAuthScopesPlug, %{scopes: ["read"]} when action != :missed_oauth)
|
||||
|
||||
def skipped_oauth(conn, _params) do
|
||||
noop(conn)
|
||||
end
|
||||
|
||||
def performed_oauth(conn, _params) do
|
||||
noop(conn)
|
||||
end
|
||||
|
||||
def missed_oauth(conn, _params) do
|
||||
noop(conn)
|
||||
end
|
||||
|
||||
defp noop(conn), do: json(conn, %{})
|
||||
end
|
@ -227,6 +227,24 @@ def unquote(:"#{outgoing_relation_target}_ap_ids")(user, restrict_deactivated? \
|
||||
end
|
||||
end
|
||||
|
||||
@doc """
|
||||
Dumps Flake Id to SQL-compatible format (16-byte UUID).
|
||||
E.g. "9pQtDGXuq4p3VlcJEm" -> <<0, 0, 1, 110, 179, 218, 42, 92, 213, 41, 44, 227, 95, 213, 0, 0>>
|
||||
"""
|
||||
def binary_id(source_id) when is_binary(source_id) do
|
||||
with {:ok, dumped_id} <- FlakeId.Ecto.CompatType.dump(source_id) do
|
||||
dumped_id
|
||||
else
|
||||
_ -> source_id
|
||||
end
|
||||
end
|
||||
|
||||
def binary_id(source_ids) when is_list(source_ids) do
|
||||
Enum.map(source_ids, &binary_id/1)
|
||||
end
|
||||
|
||||
def binary_id(%User{} = user), do: binary_id(user.id)
|
||||
|
||||
@doc "Returns status account"
|
||||
@spec account_status(User.t()) :: account_status()
|
||||
def account_status(%User{deactivated: true}), do: :deactivated
|
||||
@ -688,8 +706,10 @@ def needs_update?(%User{local: false} = user) do
|
||||
def needs_update?(_), do: true
|
||||
|
||||
@spec maybe_direct_follow(User.t(), User.t()) :: {:ok, User.t()} | {:error, String.t()}
|
||||
|
||||
# "Locked" (self-locked) users demand explicit authorization of follow requests
|
||||
def maybe_direct_follow(%User{} = follower, %User{local: true, locked: true} = followed) do
|
||||
follow(follower, followed, "pending")
|
||||
follow(follower, followed, :follow_pending)
|
||||
end
|
||||
|
||||
def maybe_direct_follow(%User{} = follower, %User{local: true} = followed) do
|
||||
@ -709,14 +729,14 @@ def maybe_direct_follow(%User{} = follower, %User{} = followed) do
|
||||
def follow_all(follower, followeds) do
|
||||
followeds
|
||||
|> Enum.reject(fn followed -> blocks?(follower, followed) || blocks?(followed, follower) end)
|
||||
|> Enum.each(&follow(follower, &1, "accept"))
|
||||
|> Enum.each(&follow(follower, &1, :follow_accept))
|
||||
|
||||
set_cache(follower)
|
||||
end
|
||||
|
||||
defdelegate following(user), to: FollowingRelationship
|
||||
|
||||
def follow(%User{} = follower, %User{} = followed, state \\ "accept") do
|
||||
def follow(%User{} = follower, %User{} = followed, state \\ :follow_accept) do
|
||||
deny_follow_blocked = Pleroma.Config.get([:user, :deny_follow_blocked])
|
||||
|
||||
cond do
|
||||
@ -743,7 +763,7 @@ def unfollow(%User{ap_id: ap_id}, %User{ap_id: ap_id}) do
|
||||
|
||||
def unfollow(%User{} = follower, %User{} = followed) do
|
||||
case get_follow_state(follower, followed) do
|
||||
state when state in ["accept", "pending"] ->
|
||||
state when state in [:follow_pending, :follow_accept] ->
|
||||
FollowingRelationship.unfollow(follower, followed)
|
||||
{:ok, followed} = update_follower_count(followed)
|
||||
|
||||
@ -761,14 +781,18 @@ def unfollow(%User{} = follower, %User{} = followed) do
|
||||
|
||||
defdelegate following?(follower, followed), to: FollowingRelationship
|
||||
|
||||
@doc "Returns follow state as Pleroma.FollowingRelationship.State value"
|
||||
def get_follow_state(%User{} = follower, %User{} = following) do
|
||||
following_relationship = FollowingRelationship.get(follower, following)
|
||||
|
||||
case {following_relationship, following.local} do
|
||||
{nil, false} ->
|
||||
case Utils.fetch_latest_follow(follower, following) do
|
||||
%{data: %{"state" => state}} when state in ["pending", "accept"] -> state
|
||||
_ -> nil
|
||||
%Activity{data: %{"state" => state}} when state in ["pending", "accept"] ->
|
||||
FollowingRelationship.state_to_enum(state)
|
||||
|
||||
_ ->
|
||||
nil
|
||||
end
|
||||
|
||||
{%{state: state}, _} ->
|
||||
@ -1267,7 +1291,7 @@ def blocks?(nil, _), do: false
|
||||
|
||||
def blocks?(%User{} = user, %User{} = target) do
|
||||
blocks_user?(user, target) ||
|
||||
(!User.following?(user, target) && blocks_domain?(user, target))
|
||||
(blocks_domain?(user, target) and not User.following?(user, target))
|
||||
end
|
||||
|
||||
def blocks_user?(%User{} = user, %User{} = target) do
|
||||
@ -1416,9 +1440,16 @@ def perform(:delete, %User{} = user) do
|
||||
end)
|
||||
|
||||
delete_user_activities(user)
|
||||
|
||||
if user.local do
|
||||
user
|
||||
|> change(%{deactivated: true, email: nil})
|
||||
|> update_and_set_cache()
|
||||
else
|
||||
invalidate_cache(user)
|
||||
Repo.delete(user)
|
||||
end
|
||||
end
|
||||
|
||||
def perform(:deactivate_async, user, status), do: deactivate(user, status)
|
||||
|
||||
|
@ -148,7 +148,7 @@ defp compose_query({:followers, %User{id: id}}, query) do
|
||||
as: :relationships,
|
||||
on: r.following_id == ^id and r.follower_id == u.id
|
||||
)
|
||||
|> where([relationships: r], r.state == "accept")
|
||||
|> where([relationships: r], r.state == ^:follow_accept)
|
||||
end
|
||||
|
||||
defp compose_query({:friends, %User{id: id}}, query) do
|
||||
@ -158,7 +158,7 @@ defp compose_query({:friends, %User{id: id}}, query) do
|
||||
as: :relationships,
|
||||
on: r.following_id == u.id and r.follower_id == ^id
|
||||
)
|
||||
|> where([relationships: r], r.state == "accept")
|
||||
|> where([relationships: r], r.state == ^:follow_accept)
|
||||
end
|
||||
|
||||
defp compose_query({:recipients_from_activity, to}, query) do
|
||||
@ -173,7 +173,7 @@ defp compose_query({:recipients_from_activity, to}, query) do
|
||||
)
|
||||
|> where(
|
||||
[u, following: f, relationships: r],
|
||||
u.ap_id in ^to or (f.follower_address in ^to and r.state == "accept")
|
||||
u.ap_id in ^to or (f.follower_address in ^to and r.state == ^:follow_accept)
|
||||
)
|
||||
|> distinct(true)
|
||||
end
|
||||
|
@ -8,6 +8,8 @@ defmodule Pleroma.UserRelationship do
|
||||
import Ecto.Changeset
|
||||
import Ecto.Query
|
||||
|
||||
alias Ecto.Changeset
|
||||
alias Pleroma.FollowingRelationship
|
||||
alias Pleroma.Repo
|
||||
alias Pleroma.User
|
||||
alias Pleroma.UserRelationship
|
||||
@ -15,12 +17,12 @@ defmodule Pleroma.UserRelationship do
|
||||
schema "user_relationships" do
|
||||
belongs_to(:source, User, type: FlakeId.Ecto.CompatType)
|
||||
belongs_to(:target, User, type: FlakeId.Ecto.CompatType)
|
||||
field(:relationship_type, UserRelationshipTypeEnum)
|
||||
field(:relationship_type, Pleroma.UserRelationship.Type)
|
||||
|
||||
timestamps(updated_at: false)
|
||||
end
|
||||
|
||||
for relationship_type <- Keyword.keys(UserRelationshipTypeEnum.__enum_map__()) do
|
||||
for relationship_type <- Keyword.keys(Pleroma.UserRelationship.Type.__enum_map__()) do
|
||||
# `def create_block/2`, `def create_mute/2`, `def create_reblog_mute/2`,
|
||||
# `def create_notification_mute/2`, `def create_inverse_subscription/2`
|
||||
def unquote(:"create_#{relationship_type}")(source, target),
|
||||
@ -37,6 +39,10 @@ def unquote(:"#{relationship_type}_exists?")(source, target),
|
||||
do: exists?(unquote(relationship_type), source, target)
|
||||
end
|
||||
|
||||
def user_relationship_types, do: Keyword.keys(user_relationship_mappings())
|
||||
|
||||
def user_relationship_mappings, do: Pleroma.UserRelationship.Type.__enum_map__()
|
||||
|
||||
def changeset(%UserRelationship{} = user_relationship, params \\ %{}) do
|
||||
user_relationship
|
||||
|> cast(params, [:relationship_type, :source_id, :target_id])
|
||||
@ -75,16 +81,81 @@ def delete(relationship_type, %User{} = source, %User{} = target) do
|
||||
end
|
||||
end
|
||||
|
||||
defp validate_not_self_relationship(%Ecto.Changeset{} = changeset) do
|
||||
changeset
|
||||
|> validate_change(:target_id, fn _, target_id ->
|
||||
if target_id == get_field(changeset, :source_id) do
|
||||
[target_id: "can't be equal to source_id"]
|
||||
else
|
||||
[]
|
||||
def dictionary(
|
||||
source_users,
|
||||
target_users,
|
||||
source_to_target_rel_types \\ nil,
|
||||
target_to_source_rel_types \\ nil
|
||||
)
|
||||
when is_list(source_users) and is_list(target_users) do
|
||||
source_user_ids = User.binary_id(source_users)
|
||||
target_user_ids = User.binary_id(target_users)
|
||||
|
||||
get_rel_type_codes = fn rel_type -> user_relationship_mappings()[rel_type] end
|
||||
|
||||
source_to_target_rel_types =
|
||||
Enum.map(source_to_target_rel_types || user_relationship_types(), &get_rel_type_codes.(&1))
|
||||
|
||||
target_to_source_rel_types =
|
||||
Enum.map(target_to_source_rel_types || user_relationship_types(), &get_rel_type_codes.(&1))
|
||||
|
||||
__MODULE__
|
||||
|> where(
|
||||
fragment(
|
||||
"(source_id = ANY(?) AND target_id = ANY(?) AND relationship_type = ANY(?)) OR \
|
||||
(source_id = ANY(?) AND target_id = ANY(?) AND relationship_type = ANY(?))",
|
||||
^source_user_ids,
|
||||
^target_user_ids,
|
||||
^source_to_target_rel_types,
|
||||
^target_user_ids,
|
||||
^source_user_ids,
|
||||
^target_to_source_rel_types
|
||||
)
|
||||
)
|
||||
|> select([ur], [ur.relationship_type, ur.source_id, ur.target_id])
|
||||
|> Repo.all()
|
||||
end
|
||||
end)
|
||||
|> validate_change(:source_id, fn _, source_id ->
|
||||
|
||||
def exists?(dictionary, rel_type, source, target, func) do
|
||||
cond do
|
||||
is_nil(source) or is_nil(target) ->
|
||||
false
|
||||
|
||||
dictionary ->
|
||||
[rel_type, source.id, target.id] in dictionary
|
||||
|
||||
true ->
|
||||
func.(source, target)
|
||||
end
|
||||
end
|
||||
|
||||
@doc ":relationships option for StatusView / AccountView / NotificationView"
|
||||
def view_relationships_option(nil = _reading_user, _actors) do
|
||||
%{user_relationships: [], following_relationships: []}
|
||||
end
|
||||
|
||||
def view_relationships_option(%User{} = reading_user, actors) do
|
||||
user_relationships =
|
||||
UserRelationship.dictionary(
|
||||
[reading_user],
|
||||
actors,
|
||||
[:block, :mute, :notification_mute, :reblog_mute],
|
||||
[:block, :inverse_subscription]
|
||||
)
|
||||
|
||||
following_relationships = FollowingRelationship.all_between_user_sets([reading_user], actors)
|
||||
|
||||
%{user_relationships: user_relationships, following_relationships: following_relationships}
|
||||
end
|
||||
|
||||
defp validate_not_self_relationship(%Changeset{} = changeset) do
|
||||
changeset
|
||||
|> validate_source_id_target_id_inequality()
|
||||
|> validate_target_id_source_id_inequality()
|
||||
end
|
||||
|
||||
defp validate_source_id_target_id_inequality(%Changeset{} = changeset) do
|
||||
validate_change(changeset, :source_id, fn _, source_id ->
|
||||
if source_id == get_field(changeset, :target_id) do
|
||||
[source_id: "can't be equal to target_id"]
|
||||
else
|
||||
@ -92,4 +163,14 @@ defp validate_not_self_relationship(%Ecto.Changeset{} = changeset) do
|
||||
end
|
||||
end)
|
||||
end
|
||||
|
||||
defp validate_target_id_source_id_inequality(%Changeset{} = changeset) do
|
||||
validate_change(changeset, :target_id, fn _, target_id ->
|
||||
if target_id == get_field(changeset, :source_id) do
|
||||
[target_id: "can't be equal to source_id"]
|
||||
else
|
||||
[]
|
||||
end
|
||||
end)
|
||||
end
|
||||
end
|
||||
|
@ -11,7 +11,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.ObjectAgePolicy do
|
||||
@moduledoc "Filter activities depending on their age"
|
||||
@behaviour Pleroma.Web.ActivityPub.MRF
|
||||
|
||||
defp check_date(%{"published" => published} = message) do
|
||||
defp check_date(%{"object" => %{"published" => published}} = message) do
|
||||
with %DateTime{} = now <- DateTime.utc_now(),
|
||||
{:ok, %DateTime{} = then, _} <- DateTime.from_iso8601(published),
|
||||
max_ttl <- Config.get([:mrf_object_age, :threshold]),
|
||||
@ -96,5 +96,11 @@ def filter(%{"type" => "Create", "published" => _} = message) do
|
||||
def filter(message), do: {:ok, message}
|
||||
|
||||
@impl true
|
||||
def describe, do: {:ok, %{}}
|
||||
def describe do
|
||||
mrf_object_age =
|
||||
Pleroma.Config.get(:mrf_object_age)
|
||||
|> Enum.into(%{})
|
||||
|
||||
{:ok, %{mrf_object_age: mrf_object_age}}
|
||||
end
|
||||
end
|
||||
|
@ -491,7 +491,8 @@ def handle_incoming(
|
||||
{_, {:ok, follower}} <- {:follow, User.follow(follower, followed)},
|
||||
{_, {:ok, _}} <-
|
||||
{:follow_state_update, Utils.update_follow_state_for_all(activity, "accept")},
|
||||
{:ok, _relationship} <- FollowingRelationship.update(follower, followed, "accept") do
|
||||
{:ok, _relationship} <-
|
||||
FollowingRelationship.update(follower, followed, :follow_accept) do
|
||||
ActivityPub.accept(%{
|
||||
to: [follower.ap_id],
|
||||
actor: followed,
|
||||
@ -501,7 +502,7 @@ def handle_incoming(
|
||||
else
|
||||
{:user_blocked, true} ->
|
||||
{:ok, _} = Utils.update_follow_state_for_all(activity, "reject")
|
||||
{:ok, _relationship} = FollowingRelationship.update(follower, followed, "reject")
|
||||
{:ok, _relationship} = FollowingRelationship.update(follower, followed, :follow_reject)
|
||||
|
||||
ActivityPub.reject(%{
|
||||
to: [follower.ap_id],
|
||||
@ -512,7 +513,7 @@ def handle_incoming(
|
||||
|
||||
{:follow, {:error, _}} ->
|
||||
{:ok, _} = Utils.update_follow_state_for_all(activity, "reject")
|
||||
{:ok, _relationship} = FollowingRelationship.update(follower, followed, "reject")
|
||||
{:ok, _relationship} = FollowingRelationship.update(follower, followed, :follow_reject)
|
||||
|
||||
ActivityPub.reject(%{
|
||||
to: [follower.ap_id],
|
||||
@ -522,7 +523,7 @@ def handle_incoming(
|
||||
})
|
||||
|
||||
{:user_locked, true} ->
|
||||
{:ok, _relationship} = FollowingRelationship.update(follower, followed, "pending")
|
||||
{:ok, _relationship} = FollowingRelationship.update(follower, followed, :follow_pending)
|
||||
:noop
|
||||
end
|
||||
|
||||
@ -542,7 +543,7 @@ def handle_incoming(
|
||||
{:ok, follow_activity} <- get_follow_activity(follow_object, followed),
|
||||
{:ok, follow_activity} <- Utils.update_follow_state_for_all(follow_activity, "accept"),
|
||||
%User{local: true} = follower <- User.get_cached_by_ap_id(follow_activity.data["actor"]),
|
||||
{:ok, _relationship} <- FollowingRelationship.update(follower, followed, "accept") do
|
||||
{:ok, _relationship} <- FollowingRelationship.update(follower, followed, :follow_accept) do
|
||||
ActivityPub.accept(%{
|
||||
to: follow_activity.data["to"],
|
||||
type: "Accept",
|
||||
@ -565,7 +566,7 @@ def handle_incoming(
|
||||
{:ok, follow_activity} <- get_follow_activity(follow_object, followed),
|
||||
{:ok, follow_activity} <- Utils.update_follow_state_for_all(follow_activity, "reject"),
|
||||
%User{local: true} = follower <- User.get_cached_by_ap_id(follow_activity.data["actor"]),
|
||||
{:ok, _relationship} <- FollowingRelationship.update(follower, followed, "reject"),
|
||||
{:ok, _relationship} <- FollowingRelationship.update(follower, followed, :follow_reject),
|
||||
{:ok, activity} <-
|
||||
ActivityPub.reject(%{
|
||||
to: follow_activity.data["to"],
|
||||
|
@ -911,16 +911,7 @@ def config_show(conn, _params) do
|
||||
end)
|
||||
|> List.flatten()
|
||||
|
||||
response = %{configs: merged}
|
||||
|
||||
response =
|
||||
if Restarter.Pleroma.need_reboot?() do
|
||||
Map.put(response, :need_reboot, true)
|
||||
else
|
||||
response
|
||||
end
|
||||
|
||||
json(conn, response)
|
||||
json(conn, %{configs: merged, need_reboot: Restarter.Pleroma.need_reboot?()})
|
||||
end
|
||||
end
|
||||
|
||||
@ -947,28 +938,22 @@ def config_update(conn, %{"configs" => configs}) do
|
||||
|
||||
Config.TransferTask.load_and_update_env(deleted, false)
|
||||
|
||||
need_reboot? =
|
||||
Restarter.Pleroma.need_reboot?() ||
|
||||
Enum.any?(updated, fn config ->
|
||||
if !Restarter.Pleroma.need_reboot?() do
|
||||
changed_reboot_settings? =
|
||||
(updated ++ deleted)
|
||||
|> Enum.any?(fn config ->
|
||||
group = ConfigDB.from_string(config.group)
|
||||
key = ConfigDB.from_string(config.key)
|
||||
value = ConfigDB.from_binary(config.value)
|
||||
Config.TransferTask.pleroma_need_restart?(group, key, value)
|
||||
end)
|
||||
|
||||
response = %{configs: updated}
|
||||
|
||||
response =
|
||||
if need_reboot? do
|
||||
Restarter.Pleroma.need_reboot()
|
||||
Map.put(response, :need_reboot, need_reboot?)
|
||||
else
|
||||
response
|
||||
if changed_reboot_settings?, do: Restarter.Pleroma.need_reboot()
|
||||
end
|
||||
|
||||
conn
|
||||
|> put_view(ConfigView)
|
||||
|> render("index.json", response)
|
||||
|> render("index.json", %{configs: updated, need_reboot: Restarter.Pleroma.need_reboot?()})
|
||||
end
|
||||
end
|
||||
|
||||
@ -980,6 +965,10 @@ def restart(conn, _params) do
|
||||
end
|
||||
end
|
||||
|
||||
def need_reboot(conn, _params) do
|
||||
json(conn, %{need_reboot: Restarter.Pleroma.need_reboot?()})
|
||||
end
|
||||
|
||||
defp configurable_from_database(conn) do
|
||||
if Config.get(:configurable_from_database) do
|
||||
:ok
|
||||
|
@ -7,6 +7,7 @@ defmodule Pleroma.Web.CommonAPI do
|
||||
alias Pleroma.ActivityExpiration
|
||||
alias Pleroma.Conversation.Participation
|
||||
alias Pleroma.FollowingRelationship
|
||||
alias Pleroma.Notification
|
||||
alias Pleroma.Object
|
||||
alias Pleroma.ThreadMute
|
||||
alias Pleroma.User
|
||||
@ -39,10 +40,10 @@ def unfollow(follower, unfollowed) do
|
||||
end
|
||||
|
||||
def accept_follow_request(follower, followed) do
|
||||
with {:ok, follower} <- User.follow(follower, followed),
|
||||
%Activity{} = follow_activity <- Utils.fetch_latest_follow(follower, followed),
|
||||
with %Activity{} = follow_activity <- Utils.fetch_latest_follow(follower, followed),
|
||||
{:ok, follower} <- User.follow(follower, followed),
|
||||
{:ok, follow_activity} <- Utils.update_follow_state_for_all(follow_activity, "accept"),
|
||||
{:ok, _relationship} <- FollowingRelationship.update(follower, followed, "accept"),
|
||||
{:ok, _relationship} <- FollowingRelationship.update(follower, followed, :follow_accept),
|
||||
{:ok, _activity} <-
|
||||
ActivityPub.accept(%{
|
||||
to: [follower.ap_id],
|
||||
@ -57,7 +58,8 @@ def accept_follow_request(follower, followed) do
|
||||
def reject_follow_request(follower, followed) do
|
||||
with %Activity{} = follow_activity <- Utils.fetch_latest_follow(follower, followed),
|
||||
{:ok, follow_activity} <- Utils.update_follow_state_for_all(follow_activity, "reject"),
|
||||
{:ok, _relationship} <- FollowingRelationship.update(follower, followed, "reject"),
|
||||
{:ok, _relationship} <- FollowingRelationship.update(follower, followed, :follow_reject),
|
||||
{:ok, _notifications} <- Notification.dismiss(follow_activity),
|
||||
{:ok, _activity} <-
|
||||
ActivityPub.reject(%{
|
||||
to: [follower.ap_id],
|
||||
@ -83,8 +85,9 @@ def delete(activity_id, user) do
|
||||
end
|
||||
end
|
||||
|
||||
def repeat(id_or_ap_id, user, params \\ %{}) do
|
||||
with {_, %Activity{} = activity} <- {:find_activity, get_by_id_or_ap_id(id_or_ap_id)},
|
||||
def repeat(id, user, params \\ %{}) do
|
||||
with {_, %Activity{data: %{"type" => "Create"}} = activity} <-
|
||||
{:find_activity, Activity.get_by_id(id)},
|
||||
object <- Object.normalize(activity),
|
||||
announce_activity <- Utils.get_existing_announce(user.ap_id, object),
|
||||
public <- public_announce?(object, params) do
|
||||
@ -99,8 +102,9 @@ def repeat(id_or_ap_id, user, params \\ %{}) do
|
||||
end
|
||||
end
|
||||
|
||||
def unrepeat(id_or_ap_id, user) do
|
||||
with {_, %Activity{} = activity} <- {:find_activity, get_by_id_or_ap_id(id_or_ap_id)} do
|
||||
def unrepeat(id, user) do
|
||||
with {_, %Activity{data: %{"type" => "Create"}} = activity} <-
|
||||
{:find_activity, Activity.get_by_id(id)} do
|
||||
object = Object.normalize(activity)
|
||||
ActivityPub.unannounce(user, object)
|
||||
else
|
||||
@ -109,8 +113,8 @@ def unrepeat(id_or_ap_id, user) do
|
||||
end
|
||||
end
|
||||
|
||||
def favorite(id_or_ap_id, user) do
|
||||
with {_, %Activity{} = activity} <- {:find_activity, get_by_id_or_ap_id(id_or_ap_id)},
|
||||
def favorite(id, user) do
|
||||
with {_, %Activity{} = activity} <- {:find_activity, Activity.get_by_id(id)},
|
||||
object <- Object.normalize(activity),
|
||||
like_activity <- Utils.get_existing_like(user.ap_id, object) do
|
||||
if like_activity do
|
||||
@ -124,8 +128,9 @@ def favorite(id_or_ap_id, user) do
|
||||
end
|
||||
end
|
||||
|
||||
def unfavorite(id_or_ap_id, user) do
|
||||
with {_, %Activity{} = activity} <- {:find_activity, get_by_id_or_ap_id(id_or_ap_id)} do
|
||||
def unfavorite(id, user) do
|
||||
with {_, %Activity{data: %{"type" => "Create"}} = activity} <-
|
||||
{:find_activity, Activity.get_by_id(id)} do
|
||||
object = Object.normalize(activity)
|
||||
ActivityPub.unlike(user, object)
|
||||
else
|
||||
@ -316,12 +321,12 @@ def update(user) do
|
||||
})
|
||||
end
|
||||
|
||||
def pin(id_or_ap_id, %{ap_id: user_ap_id} = user) do
|
||||
def pin(id, %{ap_id: user_ap_id} = user) do
|
||||
with %Activity{
|
||||
actor: ^user_ap_id,
|
||||
data: %{"type" => "Create"},
|
||||
object: %Object{data: %{"type" => object_type}}
|
||||
} = activity <- get_by_id_or_ap_id(id_or_ap_id),
|
||||
} = activity <- Activity.get_by_id_with_object(id),
|
||||
true <- object_type in ["Note", "Article", "Question"],
|
||||
true <- Visibility.is_public?(activity),
|
||||
{:ok, _user} <- User.add_pinnned_activity(user, activity) do
|
||||
@ -332,8 +337,8 @@ def pin(id_or_ap_id, %{ap_id: user_ap_id} = user) do
|
||||
end
|
||||
end
|
||||
|
||||
def unpin(id_or_ap_id, user) do
|
||||
with %Activity{} = activity <- get_by_id_or_ap_id(id_or_ap_id),
|
||||
def unpin(id, user) do
|
||||
with %Activity{data: %{"type" => "Create"}} = activity <- Activity.get_by_id(id),
|
||||
{:ok, _user} <- User.remove_pinnned_activity(user, activity) do
|
||||
{:ok, activity}
|
||||
else
|
||||
|
@ -24,24 +24,6 @@ defmodule Pleroma.Web.CommonAPI.Utils do
|
||||
require Logger
|
||||
require Pleroma.Constants
|
||||
|
||||
# This is a hack for twidere.
|
||||
def get_by_id_or_ap_id(id) do
|
||||
activity =
|
||||
with true <- FlakeId.flake_id?(id),
|
||||
%Activity{} = activity <- Activity.get_by_id_with_object(id) do
|
||||
activity
|
||||
else
|
||||
_ -> Activity.get_create_by_object_ap_id_with_object(id)
|
||||
end
|
||||
|
||||
activity &&
|
||||
if activity.data["type"] == "Create" do
|
||||
activity
|
||||
else
|
||||
Activity.get_create_by_object_ap_id_with_object(activity.data["object"])
|
||||
end
|
||||
end
|
||||
|
||||
def attachments_from_ids(%{"media_ids" => ids, "descriptions" => desc} = _) do
|
||||
attachments_from_ids_descs(ids, desc)
|
||||
end
|
||||
|
@ -17,7 +17,7 @@ defmodule Pleroma.Web.MastoFEController do
|
||||
when action == :index
|
||||
)
|
||||
|
||||
plug(Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug when action != :index)
|
||||
plug(Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug when action not in [:index, :manifest])
|
||||
|
||||
@doc "GET /web/*path"
|
||||
def index(%{assigns: %{user: user, token: token}} = conn, _params)
|
||||
|
@ -15,10 +15,13 @@ defmodule Pleroma.Web.MastodonAPI.AccountController do
|
||||
alias Pleroma.Web.CommonAPI
|
||||
alias Pleroma.Web.MastodonAPI.ListView
|
||||
alias Pleroma.Web.MastodonAPI.MastodonAPI
|
||||
alias Pleroma.Web.MastodonAPI.MastodonAPIController
|
||||
alias Pleroma.Web.MastodonAPI.StatusView
|
||||
alias Pleroma.Web.OAuth.Token
|
||||
alias Pleroma.Web.TwitterAPI.TwitterAPI
|
||||
|
||||
plug(:skip_plug, OAuthScopesPlug when action == :identity_proofs)
|
||||
|
||||
plug(
|
||||
OAuthScopesPlug,
|
||||
%{fallback: :proceed_unauthenticated, scopes: ["read:accounts"]}
|
||||
@ -366,6 +369,8 @@ def blocks(%{assigns: %{user: user}} = conn, _) do
|
||||
end
|
||||
|
||||
@doc "GET /api/v1/endorsements"
|
||||
def endorsements(conn, params),
|
||||
do: Pleroma.Web.MastodonAPI.MastodonAPIController.empty_array(conn, params)
|
||||
def endorsements(conn, params), do: MastodonAPIController.empty_array(conn, params)
|
||||
|
||||
@doc "GET /api/v1/identity_proofs"
|
||||
def identity_proofs(conn, params), do: MastodonAPIController.empty_array(conn, params)
|
||||
end
|
||||
|
@ -3,21 +3,31 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-only
|
||||
|
||||
defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
|
||||
@moduledoc """
|
||||
Contains stubs for unimplemented Mastodon API endpoints.
|
||||
|
||||
Note: instead of routing directly to this controller's action,
|
||||
it's preferable to define an action in relevant (non-generic) controller,
|
||||
set up OAuth rules for it and call this controller's function from it.
|
||||
"""
|
||||
|
||||
use Pleroma.Web, :controller
|
||||
|
||||
require Logger
|
||||
|
||||
plug(:skip_plug, Pleroma.Plugs.OAuthScopesPlug when action in [:empty_array, :empty_object])
|
||||
|
||||
plug(Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug)
|
||||
|
||||
action_fallback(Pleroma.Web.MastodonAPI.FallbackController)
|
||||
|
||||
# Stubs for unimplemented mastodon api
|
||||
#
|
||||
def empty_array(conn, _) do
|
||||
Logger.debug("Unimplemented, returning an empty array")
|
||||
Logger.debug("Unimplemented, returning an empty array (list)")
|
||||
json(conn, [])
|
||||
end
|
||||
|
||||
def empty_object(conn, _) do
|
||||
Logger.debug("Unimplemented, returning an empty object")
|
||||
Logger.debug("Unimplemented, returning an empty object (map)")
|
||||
json(conn, %{})
|
||||
end
|
||||
end
|
||||
|
@ -5,10 +5,13 @@
|
||||
defmodule Pleroma.Web.MastodonAPI.SuggestionController do
|
||||
use Pleroma.Web, :controller
|
||||
|
||||
alias Pleroma.Plugs.OAuthScopesPlug
|
||||
|
||||
require Logger
|
||||
|
||||
plug(OAuthScopesPlug, %{scopes: ["read"]} when action == :index)
|
||||
|
||||
@doc "GET /api/v1/suggestions"
|
||||
def index(conn, _) do
|
||||
json(conn, [])
|
||||
end
|
||||
def index(conn, params),
|
||||
do: Pleroma.Web.MastodonAPI.MastodonAPIController.empty_array(conn, params)
|
||||
end
|
||||
|
@ -49,12 +49,12 @@ def render("show.json", %{
|
||||
"move" ->
|
||||
put_target(response, activity, user)
|
||||
|
||||
"follow" ->
|
||||
response
|
||||
|
||||
"pleroma:emoji_reaction" ->
|
||||
put_status(response, parent_activity, user) |> put_emoji(activity)
|
||||
|
||||
type when type in ["follow", "follow_request"] ->
|
||||
response
|
||||
|
||||
_ ->
|
||||
nil
|
||||
end
|
||||
|
@ -27,6 +27,8 @@ defmodule Pleroma.Web.OAuth.OAuthController do
|
||||
plug(:fetch_flash)
|
||||
plug(RateLimiter, [name: :authentication] when action == :create_authorization)
|
||||
|
||||
plug(:skip_plug, Pleroma.Plugs.OAuthScopesPlug)
|
||||
|
||||
action_fallback(Pleroma.Web.OAuth.FallbackController)
|
||||
|
||||
@oob_token_redirect_uri "urn:ietf:wg:oauth:2.0:oob"
|
||||
|
@ -34,7 +34,7 @@ defmodule Pleroma.Web.PleromaAPI.PleromaAPIController do
|
||||
|
||||
plug(
|
||||
OAuthScopesPlug,
|
||||
%{scopes: ["write:conversations"]} when action == :update_conversation
|
||||
%{scopes: ["write:conversations"]} when action in [:update_conversation, :read_conversations]
|
||||
)
|
||||
|
||||
plug(OAuthScopesPlug, %{scopes: ["write:notifications"]} when action == :read_notification)
|
||||
@ -53,7 +53,10 @@ def emoji_reactions_by(%{assigns: %{user: user}} = conn, %{"id" => activity_id}
|
||||
else
|
||||
users =
|
||||
Enum.map(user_ap_ids, &User.get_cached_by_ap_id/1)
|
||||
|> Enum.filter(& &1)
|
||||
|> Enum.filter(fn
|
||||
%{deactivated: false} -> true
|
||||
_ -> false
|
||||
end)
|
||||
|
||||
%{
|
||||
name: emoji,
|
||||
|
@ -16,6 +16,8 @@ defmodule Pleroma.Web.Push.Impl do
|
||||
require Logger
|
||||
import Ecto.Query
|
||||
|
||||
defdelegate mastodon_notification_type(activity), to: Activity
|
||||
|
||||
@types ["Create", "Follow", "Announce", "Like", "Move"]
|
||||
|
||||
@doc "Performs sending notifications for user subscriptions"
|
||||
@ -24,32 +26,32 @@ def perform(
|
||||
%{
|
||||
activity: %{data: %{"type" => activity_type}} = activity,
|
||||
user: %User{id: user_id}
|
||||
} = notif
|
||||
} = notification
|
||||
)
|
||||
when activity_type in @types do
|
||||
actor = User.get_cached_by_ap_id(notif.activity.data["actor"])
|
||||
actor = User.get_cached_by_ap_id(notification.activity.data["actor"])
|
||||
|
||||
type = Activity.mastodon_notification_type(notif.activity)
|
||||
mastodon_type = mastodon_notification_type(notification.activity)
|
||||
gcm_api_key = Application.get_env(:web_push_encryption, :gcm_api_key)
|
||||
avatar_url = User.avatar_url(actor)
|
||||
object = Object.normalize(activity)
|
||||
user = User.get_cached_by_id(user_id)
|
||||
direct_conversation_id = Activity.direct_conversation_id(activity, user)
|
||||
|
||||
for subscription <- fetch_subsriptions(user_id),
|
||||
get_in(subscription.data, ["alerts", type]) do
|
||||
for subscription <- fetch_subscriptions(user_id),
|
||||
Subscription.enabled?(subscription, mastodon_type) do
|
||||
%{
|
||||
access_token: subscription.token.token,
|
||||
notification_id: notif.id,
|
||||
notification_type: type,
|
||||
notification_id: notification.id,
|
||||
notification_type: mastodon_type,
|
||||
icon: avatar_url,
|
||||
preferred_locale: "en",
|
||||
pleroma: %{
|
||||
activity_id: notif.activity.id,
|
||||
activity_id: notification.activity.id,
|
||||
direct_conversation_id: direct_conversation_id
|
||||
}
|
||||
}
|
||||
|> Map.merge(build_content(notif, actor, object))
|
||||
|> Map.merge(build_content(notification, actor, object, mastodon_type))
|
||||
|> Jason.encode!()
|
||||
|> push_message(build_sub(subscription), gcm_api_key, subscription)
|
||||
end
|
||||
@ -82,7 +84,7 @@ def push_message(body, sub, api_key, subscription) do
|
||||
end
|
||||
|
||||
@doc "Gets user subscriptions"
|
||||
def fetch_subsriptions(user_id) do
|
||||
def fetch_subscriptions(user_id) do
|
||||
Subscription
|
||||
|> where(user_id: ^user_id)
|
||||
|> preload(:token)
|
||||
@ -99,28 +101,36 @@ def build_sub(subscription) do
|
||||
}
|
||||
end
|
||||
|
||||
def build_content(notification, actor, object, mastodon_type \\ nil)
|
||||
|
||||
def build_content(
|
||||
%{
|
||||
activity: %{data: %{"directMessage" => true}},
|
||||
user: %{notification_settings: %{privacy_option: true}}
|
||||
},
|
||||
actor,
|
||||
_
|
||||
_object,
|
||||
_mastodon_type
|
||||
) do
|
||||
%{title: "New Direct Message", body: "@#{actor.nickname}"}
|
||||
end
|
||||
|
||||
def build_content(notif, actor, object) do
|
||||
def build_content(notification, actor, object, mastodon_type) do
|
||||
mastodon_type = mastodon_type || mastodon_notification_type(notification.activity)
|
||||
|
||||
%{
|
||||
title: format_title(notif),
|
||||
body: format_body(notif, actor, object)
|
||||
title: format_title(notification, mastodon_type),
|
||||
body: format_body(notification, actor, object, mastodon_type)
|
||||
}
|
||||
end
|
||||
|
||||
def format_body(activity, actor, object, mastodon_type \\ nil)
|
||||
|
||||
def format_body(
|
||||
%{activity: %{data: %{"type" => "Create"}}},
|
||||
actor,
|
||||
%{data: %{"content" => content}}
|
||||
%{data: %{"content" => content}},
|
||||
_mastodon_type
|
||||
) do
|
||||
"@#{actor.nickname}: #{Utils.scrub_html_and_truncate(content, 80)}"
|
||||
end
|
||||
@ -128,33 +138,44 @@ def format_body(
|
||||
def format_body(
|
||||
%{activity: %{data: %{"type" => "Announce"}}},
|
||||
actor,
|
||||
%{data: %{"content" => content}}
|
||||
%{data: %{"content" => content}},
|
||||
_mastodon_type
|
||||
) do
|
||||
"@#{actor.nickname} repeated: #{Utils.scrub_html_and_truncate(content, 80)}"
|
||||
end
|
||||
|
||||
def format_body(
|
||||
%{activity: %{data: %{"type" => type}}},
|
||||
%{activity: %{data: %{"type" => type}}} = notification,
|
||||
actor,
|
||||
_object
|
||||
_object,
|
||||
mastodon_type
|
||||
)
|
||||
when type in ["Follow", "Like"] do
|
||||
case type do
|
||||
"Follow" -> "@#{actor.nickname} has followed you"
|
||||
"Like" -> "@#{actor.nickname} has favorited your post"
|
||||
mastodon_type = mastodon_type || mastodon_notification_type(notification.activity)
|
||||
|
||||
case mastodon_type do
|
||||
"follow" -> "@#{actor.nickname} has followed you"
|
||||
"follow_request" -> "@#{actor.nickname} has requested to follow you"
|
||||
"favourite" -> "@#{actor.nickname} has favorited your post"
|
||||
end
|
||||
end
|
||||
|
||||
def format_title(%{activity: %{data: %{"directMessage" => true}}}) do
|
||||
def format_title(activity, mastodon_type \\ nil)
|
||||
|
||||
def format_title(%{activity: %{data: %{"directMessage" => true}}}, _mastodon_type) do
|
||||
"New Direct Message"
|
||||
end
|
||||
|
||||
def format_title(%{activity: %{data: %{"type" => type}}}) do
|
||||
case type do
|
||||
"Create" -> "New Mention"
|
||||
"Follow" -> "New Follower"
|
||||
"Announce" -> "New Repeat"
|
||||
"Like" -> "New Favorite"
|
||||
def format_title(%{activity: activity}, mastodon_type) do
|
||||
mastodon_type = mastodon_type || mastodon_notification_type(activity)
|
||||
|
||||
case mastodon_type do
|
||||
"mention" -> "New Mention"
|
||||
"follow" -> "New Follower"
|
||||
"follow_request" -> "New Follow Request"
|
||||
"reblog" -> "New Repeat"
|
||||
"favourite" -> "New Favorite"
|
||||
type -> "New #{String.capitalize(type || "event")}"
|
||||
end
|
||||
end
|
||||
end
|
||||
|
@ -32,6 +32,14 @@ defp alerts(%{"data" => %{"alerts" => alerts}}) do
|
||||
%{"alerts" => alerts}
|
||||
end
|
||||
|
||||
def enabled?(subscription, "follow_request") do
|
||||
enabled?(subscription, "follow")
|
||||
end
|
||||
|
||||
def enabled?(subscription, alert_type) do
|
||||
get_in(subscription.data, ["alerts", alert_type])
|
||||
end
|
||||
|
||||
def create(
|
||||
%User{} = user,
|
||||
%Token{} = token,
|
||||
|
@ -64,5 +64,8 @@ def fetch_data_for_activity(%Activity{data: %{"type" => "Create"}} = activity) d
|
||||
|
||||
def fetch_data_for_activity(_), do: %{}
|
||||
|
||||
def perform(:fetch, %Activity{} = activity), do: fetch_data_for_activity(activity)
|
||||
def perform(:fetch, %Activity{} = activity) do
|
||||
fetch_data_for_activity(activity)
|
||||
:ok
|
||||
end
|
||||
end
|
||||
|
@ -34,6 +34,7 @@ defmodule Pleroma.Web.Router do
|
||||
pipeline :authenticated_api do
|
||||
plug(:accepts, ["json"])
|
||||
plug(:fetch_session)
|
||||
plug(Pleroma.Plugs.AuthExpectedPlug)
|
||||
plug(Pleroma.Plugs.OAuthPlug)
|
||||
plug(Pleroma.Plugs.BasicAuthDecoderPlug)
|
||||
plug(Pleroma.Plugs.UserFetcherPlug)
|
||||
@ -199,6 +200,7 @@ defmodule Pleroma.Web.Router do
|
||||
get("/config", AdminAPIController, :config_show)
|
||||
post("/config", AdminAPIController, :config_update)
|
||||
get("/config/descriptions", AdminAPIController, :config_descriptions)
|
||||
get("/need_reboot", AdminAPIController, :need_reboot)
|
||||
get("/restart", AdminAPIController, :restart)
|
||||
|
||||
get("/moderation_log", AdminAPIController, :list_log)
|
||||
@ -334,7 +336,7 @@ defmodule Pleroma.Web.Router do
|
||||
get("/accounts/relationships", AccountController, :relationships)
|
||||
|
||||
get("/accounts/:id/lists", AccountController, :lists)
|
||||
get("/accounts/:id/identity_proofs", MastodonAPIController, :empty_array)
|
||||
get("/accounts/:id/identity_proofs", AccountController, :identity_proofs)
|
||||
|
||||
get("/follow_requests", FollowRequestController, :index)
|
||||
get("/blocks", AccountController, :blocks)
|
||||
@ -657,6 +659,17 @@ defmodule Pleroma.Web.Router do
|
||||
end
|
||||
end
|
||||
|
||||
# Test-only routes needed to test action dispatching and plug chain execution
|
||||
if Pleroma.Config.get(:env) == :test do
|
||||
scope "/test/authenticated_api", Pleroma.Tests do
|
||||
pipe_through(:authenticated_api)
|
||||
|
||||
for action <- [:skipped_oauth, :performed_oauth, :missed_oauth] do
|
||||
get("/#{action}", OAuthTestController, action)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
scope "/", Pleroma.Web.MongooseIM do
|
||||
get("/user_exists", MongooseIMController, :user_exists)
|
||||
get("/check_password", MongooseIMController, :check_password)
|
||||
|
@ -197,27 +197,27 @@ def follow_import(conn, %{"list" => %Plug.Upload{} = listfile}) do
|
||||
end
|
||||
|
||||
def follow_import(%{assigns: %{user: follower}} = conn, %{"list" => list}) do
|
||||
with lines <- String.split(list, "\n"),
|
||||
followed_identifiers <-
|
||||
Enum.map(lines, fn line ->
|
||||
String.split(line, ",") |> List.first()
|
||||
end)
|
||||
|> List.delete("Account address") do
|
||||
followed_identifiers =
|
||||
list
|
||||
|> String.split("\n")
|
||||
|> Enum.map(&(&1 |> String.split(",") |> List.first()))
|
||||
|> List.delete("Account address")
|
||||
|> Enum.map(&(&1 |> String.trim() |> String.trim_leading("@")))
|
||||
|> Enum.reject(&(&1 == ""))
|
||||
|
||||
User.follow_import(follower, followed_identifiers)
|
||||
json(conn, "job started")
|
||||
end
|
||||
end
|
||||
|
||||
def blocks_import(conn, %{"list" => %Plug.Upload{} = listfile}) do
|
||||
blocks_import(conn, %{"list" => File.read!(listfile.path)})
|
||||
end
|
||||
|
||||
def blocks_import(%{assigns: %{user: blocker}} = conn, %{"list" => list}) do
|
||||
with blocked_identifiers <- String.split(list) do
|
||||
blocked_identifiers = list |> String.split() |> Enum.map(&String.trim_leading(&1, "@"))
|
||||
User.blocks_import(blocker, blocked_identifiers)
|
||||
json(conn, "job started")
|
||||
end
|
||||
end
|
||||
|
||||
def change_password(%{assigns: %{user: user}} = conn, params) do
|
||||
case CommonAPI.Utils.confirm_current_password(user, params["password"]) do
|
||||
|
@ -15,6 +15,8 @@ defmodule Pleroma.Web.TwitterAPI.Controller do
|
||||
|
||||
plug(OAuthScopesPlug, %{scopes: ["write:notifications"]} when action == :notifications_read)
|
||||
|
||||
plug(:skip_plug, OAuthScopesPlug when action in [:oauth_tokens, :revoke_token])
|
||||
|
||||
plug(Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug)
|
||||
|
||||
action_fallback(:errors)
|
||||
|
@ -29,11 +29,45 @@ def controller do
|
||||
import Pleroma.Web.Router.Helpers
|
||||
import Pleroma.Web.TranslationHelpers
|
||||
|
||||
alias Pleroma.Plugs.PlugHelper
|
||||
|
||||
plug(:set_put_layout)
|
||||
|
||||
defp set_put_layout(conn, _) do
|
||||
put_layout(conn, Pleroma.Config.get(:app_layout, "app.html"))
|
||||
end
|
||||
|
||||
# Marks a plug intentionally skipped and blocks its execution if it's present in plugs chain
|
||||
defp skip_plug(conn, plug_module) do
|
||||
try do
|
||||
plug_module.skip_plug(conn)
|
||||
rescue
|
||||
UndefinedFunctionError ->
|
||||
raise "#{plug_module} is not skippable. Append `use Pleroma.Web, :plug` to its code."
|
||||
end
|
||||
end
|
||||
|
||||
# Executed just before actual controller action, invokes before-action hooks (callbacks)
|
||||
defp action(conn, params) do
|
||||
with %Plug.Conn{halted: false} <- maybe_halt_on_missing_oauth_scopes_check(conn) do
|
||||
super(conn, params)
|
||||
end
|
||||
end
|
||||
|
||||
# Halts if authenticated API action neither performs nor explicitly skips OAuth scopes check
|
||||
defp maybe_halt_on_missing_oauth_scopes_check(conn) do
|
||||
if Pleroma.Plugs.AuthExpectedPlug.auth_expected?(conn) &&
|
||||
not PlugHelper.plug_called_or_skipped?(conn, Pleroma.Plugs.OAuthScopesPlug) do
|
||||
conn
|
||||
|> render_error(
|
||||
:forbidden,
|
||||
"Security violation: OAuth scopes check was neither handled nor explicitly skipped."
|
||||
)
|
||||
|> halt()
|
||||
else
|
||||
conn
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
@ -96,6 +130,35 @@ def channel do
|
||||
end
|
||||
end
|
||||
|
||||
def plug do
|
||||
quote do
|
||||
alias Pleroma.Plugs.PlugHelper
|
||||
|
||||
@doc """
|
||||
Marks a plug intentionally skipped and blocks its execution if it's present in plugs chain.
|
||||
"""
|
||||
def skip_plug(conn) do
|
||||
PlugHelper.append_to_private_list(
|
||||
conn,
|
||||
PlugHelper.skipped_plugs_list_id(),
|
||||
__MODULE__
|
||||
)
|
||||
end
|
||||
|
||||
@impl Plug
|
||||
@doc "If marked as skipped, returns `conn`, and calls `perform/2` otherwise."
|
||||
def call(%Plug.Conn{} = conn, options) do
|
||||
if PlugHelper.plug_skipped?(conn, __MODULE__) do
|
||||
conn
|
||||
else
|
||||
conn
|
||||
|> PlugHelper.append_to_private_list(PlugHelper.called_plugs_list_id(), __MODULE__)
|
||||
|> perform(options)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
@doc """
|
||||
When used, dispatch to the appropriate controller/view/etc.
|
||||
"""
|
||||
|
@ -35,7 +35,7 @@ def perform(
|
||||
_job
|
||||
) do
|
||||
blocker = User.get_cached_by_id(blocker_id)
|
||||
User.perform(:blocks_import, blocker, blocked_identifiers)
|
||||
{:ok, User.perform(:blocks_import, blocker, blocked_identifiers)}
|
||||
end
|
||||
|
||||
def perform(
|
||||
@ -47,7 +47,7 @@ def perform(
|
||||
_job
|
||||
) do
|
||||
follower = User.get_cached_by_id(follower_id)
|
||||
User.perform(:follow_import, follower, followed_identifiers)
|
||||
{:ok, User.perform(:follow_import, follower, followed_identifiers)}
|
||||
end
|
||||
|
||||
def perform(%{"op" => "media_proxy_preload", "message" => message}, _job) do
|
||||
|
23
mix.exs
23
mix.exs
@ -4,7 +4,7 @@ defmodule Pleroma.Mixfile do
|
||||
def project do
|
||||
[
|
||||
app: :pleroma,
|
||||
version: version("2.0.2"),
|
||||
version: version("2.0.3"),
|
||||
elixir: "~> 1.8",
|
||||
elixirc_paths: elixirc_paths(Mix.env()),
|
||||
compilers: [:phoenix, :gettext] ++ Mix.compilers(),
|
||||
@ -203,19 +203,26 @@ defp version(version) do
|
||||
identifier_filter = ~r/[^0-9a-z\-]+/i
|
||||
|
||||
# Pre-release version, denoted from patch version with a hyphen
|
||||
{tag, tag_err} =
|
||||
System.cmd("git", ["describe", "--tags", "--abbrev=0"], stderr_to_stdout: true)
|
||||
|
||||
{describe, describe_err} = System.cmd("git", ["describe", "--tags", "--abbrev=8"])
|
||||
{commit_hash, commit_hash_err} = System.cmd("git", ["rev-parse", "--short", "HEAD"])
|
||||
|
||||
git_pre_release =
|
||||
with {tag, 0} <-
|
||||
System.cmd("git", ["describe", "--tags", "--abbrev=0"], stderr_to_stdout: true),
|
||||
{describe, 0} <- System.cmd("git", ["describe", "--tags", "--abbrev=8"]) do
|
||||
cond do
|
||||
tag_err == 0 and describe_err == 0 ->
|
||||
describe
|
||||
|> String.trim()
|
||||
|> String.replace(String.trim(tag), "")
|
||||
|> String.trim_leading("-")
|
||||
|> String.trim()
|
||||
else
|
||||
_ ->
|
||||
{commit_hash, 0} = System.cmd("git", ["rev-parse", "--short", "HEAD"])
|
||||
|
||||
commit_hash_err == 0 ->
|
||||
"0-g" <> String.trim(commit_hash)
|
||||
|
||||
true ->
|
||||
""
|
||||
end
|
||||
|
||||
# Branch name as pre-release version component, denoted with a dot
|
||||
@ -233,6 +240,8 @@ defp version(version) do
|
||||
|> String.replace(identifier_filter, "-")
|
||||
|
||||
branch_name
|
||||
else
|
||||
_ -> "stable"
|
||||
end
|
||||
|
||||
build_name =
|
||||
|
@ -0,0 +1,29 @@
|
||||
defmodule Pleroma.Repo.Migrations.ChangeFollowingRelationshipsStateToInteger do
|
||||
use Ecto.Migration
|
||||
|
||||
@alter_following_relationship_state "ALTER TABLE following_relationships ALTER COLUMN state"
|
||||
|
||||
def up do
|
||||
execute("""
|
||||
#{@alter_following_relationship_state} TYPE integer USING
|
||||
CASE
|
||||
WHEN state = 'pending' THEN 1
|
||||
WHEN state = 'accept' THEN 2
|
||||
WHEN state = 'reject' THEN 3
|
||||
ELSE 0
|
||||
END;
|
||||
""")
|
||||
end
|
||||
|
||||
def down do
|
||||
execute("""
|
||||
#{@alter_following_relationship_state} TYPE varchar(255) USING
|
||||
CASE
|
||||
WHEN state = 1 THEN 'pending'
|
||||
WHEN state = 2 THEN 'accept'
|
||||
WHEN state = 3 THEN 'reject'
|
||||
ELSE ''
|
||||
END;
|
||||
""")
|
||||
end
|
||||
end
|
@ -0,0 +1,11 @@
|
||||
defmodule Pleroma.Repo.Migrations.AddFollowingRelationshipsFollowingIdIndex do
|
||||
use Ecto.Migration
|
||||
|
||||
# [:follower_index] index is useless because of [:follower_id, :following_id] index
|
||||
# [:following_id] index makes sense because of user's followers-targeted queries
|
||||
def change do
|
||||
drop_if_exists(index(:following_relationships, [:follower_id]))
|
||||
|
||||
create_if_not_exists(index(:following_relationships, [:following_id]))
|
||||
end
|
||||
end
|
@ -0,0 +1,45 @@
|
||||
defmodule Pleroma.Repo.Migrations.InsertSkeletonsForDeletedUsers do
|
||||
use Ecto.Migration
|
||||
|
||||
alias Pleroma.User
|
||||
alias Pleroma.Repo
|
||||
|
||||
import Ecto.Query
|
||||
|
||||
def change do
|
||||
Application.ensure_all_started(:flake_id)
|
||||
|
||||
local_ap_id =
|
||||
User.Query.build(%{local: true})
|
||||
|> select([u], u.ap_id)
|
||||
|> limit(1)
|
||||
|> Repo.one()
|
||||
|
||||
unless local_ap_id == nil do
|
||||
# Hack to get instance base url because getting it from Phoenix
|
||||
# would require starting the whole application
|
||||
instance_uri =
|
||||
local_ap_id
|
||||
|> URI.parse()
|
||||
|> Map.put(:query, nil)
|
||||
|> Map.put(:path, nil)
|
||||
|> URI.to_string()
|
||||
|
||||
{:ok, %{rows: ap_ids}} =
|
||||
Ecto.Adapters.SQL.query(
|
||||
Repo,
|
||||
"select distinct unnest(nonexistent_locals.recipients) from activities, lateral (select array_agg(recipient) as recipients from unnest(activities.recipients) as recipient where recipient similar to '#{
|
||||
instance_uri
|
||||
}/users/[A-Za-z0-9]*' and not(recipient in (select ap_id from users where local = true))) nonexistent_locals;",
|
||||
[],
|
||||
timeout: :infinity
|
||||
)
|
||||
|
||||
ap_ids
|
||||
|> Enum.each(fn [ap_id] ->
|
||||
Ecto.Changeset.change(%User{}, deactivated: true, ap_id: ap_id)
|
||||
|> Repo.insert()
|
||||
end)
|
||||
end
|
||||
end
|
||||
end
|
Binary file not shown.
BIN
priv/static/adminfe/chunk-0778.d9e7180a.css
Normal file
BIN
priv/static/adminfe/chunk-0778.d9e7180a.css
Normal file
Binary file not shown.
Binary file not shown.
Binary file not shown.
BIN
priv/static/adminfe/chunk-22d2.813009b9.css
Normal file
BIN
priv/static/adminfe/chunk-22d2.813009b9.css
Normal file
Binary file not shown.
Binary file not shown.
Binary file not shown.
BIN
priv/static/adminfe/chunk-4011.c4799067.css
Normal file
BIN
priv/static/adminfe/chunk-4011.c4799067.css
Normal file
Binary file not shown.
Binary file not shown.
BIN
priv/static/adminfe/chunk-6b68.0cc00484.css
Normal file
BIN
priv/static/adminfe/chunk-6b68.0cc00484.css
Normal file
Binary file not shown.
BIN
priv/static/adminfe/chunk-7637.941c4edb.css
Normal file
BIN
priv/static/adminfe/chunk-7637.941c4edb.css
Normal file
Binary file not shown.
Binary file not shown.
Binary file not shown.
BIN
priv/static/adminfe/chunk-970d.f59cca8c.css
Normal file
BIN
priv/static/adminfe/chunk-970d.f59cca8c.css
Normal file
Binary file not shown.
Binary file not shown.
BIN
priv/static/adminfe/chunk-d38a.cabdc22e.css
Normal file
BIN
priv/static/adminfe/chunk-d38a.cabdc22e.css
Normal file
Binary file not shown.
BIN
priv/static/adminfe/chunk-e458.f88bafea.css
Normal file
BIN
priv/static/adminfe/chunk-e458.f88bafea.css
Normal file
Binary file not shown.
@ -1 +1 @@
|
||||
<!DOCTYPE html><html><head><meta charset=utf-8><meta http-equiv=X-UA-Compatible content="IE=edge,chrome=1"><meta name=renderer content=webkit><meta name=viewport content="width=device-width,initial-scale=1,maximum-scale=1,user-scalable=no"><title>Admin FE</title><link rel="shortcut icon" href=favicon.ico><link href=chunk-elementUI.1abbc9b8.css rel=stylesheet><link href=chunk-libs.686b5876.css rel=stylesheet><link href=app.85534e14.css rel=stylesheet></head><body><div id=app></div><script type=text/javascript src=static/js/runtime.cb26bbd1.js></script><script type=text/javascript src=static/js/chunk-elementUI.fba0efec.js></script><script type=text/javascript src=static/js/chunk-libs.b8c453ab.js></script><script type=text/javascript src=static/js/app.d898cc2b.js></script></body></html>
|
||||
<!DOCTYPE html><html><head><meta charset=utf-8><meta http-equiv=X-UA-Compatible content="IE=edge,chrome=1"><meta name=renderer content=webkit><meta name=viewport content="width=device-width,initial-scale=1,maximum-scale=1,user-scalable=no"><title>Admin FE</title><link rel="shortcut icon" href=favicon.ico><link href=chunk-elementUI.1abbc9b8.css rel=stylesheet><link href=chunk-libs.686b5876.css rel=stylesheet><link href=app.796ca6d4.css rel=stylesheet></head><body><div id=app></div><script type=text/javascript src=static/js/runtime.1b4f6ce0.js></script><script type=text/javascript src=static/js/chunk-elementUI.fba0efec.js></script><script type=text/javascript src=static/js/chunk-libs.b8c453ab.js></script><script type=text/javascript src=static/js/app.203f69f8.js></script></body></html>
|
BIN
priv/static/adminfe/static/js/app.203f69f8.js
Normal file
BIN
priv/static/adminfe/static/js/app.203f69f8.js
Normal file
Binary file not shown.
BIN
priv/static/adminfe/static/js/app.203f69f8.js.map
Normal file
BIN
priv/static/adminfe/static/js/app.203f69f8.js.map
Normal file
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
BIN
priv/static/adminfe/static/js/chunk-0778.b17650df.js
Normal file
BIN
priv/static/adminfe/static/js/chunk-0778.b17650df.js
Normal file
Binary file not shown.
BIN
priv/static/adminfe/static/js/chunk-0778.b17650df.js.map
Normal file
BIN
priv/static/adminfe/static/js/chunk-0778.b17650df.js.map
Normal file
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
BIN
priv/static/adminfe/static/js/chunk-22d2.a0cf7976.js
Normal file
BIN
priv/static/adminfe/static/js/chunk-22d2.a0cf7976.js
Normal file
Binary file not shown.
BIN
priv/static/adminfe/static/js/chunk-22d2.a0cf7976.js.map
Normal file
BIN
priv/static/adminfe/static/js/chunk-22d2.a0cf7976.js.map
Normal file
Binary file not shown.
Binary file not shown.
Binary file not shown.
BIN
priv/static/adminfe/static/js/chunk-3384.458ffaf1.js
Normal file
BIN
priv/static/adminfe/static/js/chunk-3384.458ffaf1.js
Normal file
Binary file not shown.
BIN
priv/static/adminfe/static/js/chunk-3384.458ffaf1.js.map
Normal file
BIN
priv/static/adminfe/static/js/chunk-3384.458ffaf1.js.map
Normal file
Binary file not shown.
BIN
priv/static/adminfe/static/js/chunk-4011.67fb1692.js
Normal file
BIN
priv/static/adminfe/static/js/chunk-4011.67fb1692.js
Normal file
Binary file not shown.
BIN
priv/static/adminfe/static/js/chunk-4011.67fb1692.js.map
Normal file
BIN
priv/static/adminfe/static/js/chunk-4011.67fb1692.js.map
Normal file
Binary file not shown.
Binary file not shown.
Binary file not shown.
BIN
priv/static/adminfe/static/js/chunk-6b68.fbc0f684.js
Normal file
BIN
priv/static/adminfe/static/js/chunk-6b68.fbc0f684.js
Normal file
Binary file not shown.
BIN
priv/static/adminfe/static/js/chunk-6b68.fbc0f684.js.map
Normal file
BIN
priv/static/adminfe/static/js/chunk-6b68.fbc0f684.js.map
Normal file
Binary file not shown.
Binary file not shown.
Binary file not shown.
BIN
priv/static/adminfe/static/js/chunk-7637.8f5fb36e.js
Normal file
BIN
priv/static/adminfe/static/js/chunk-7637.8f5fb36e.js
Normal file
Binary file not shown.
BIN
priv/static/adminfe/static/js/chunk-7637.8f5fb36e.js.map
Normal file
BIN
priv/static/adminfe/static/js/chunk-7637.8f5fb36e.js.map
Normal file
Binary file not shown.
Binary file not shown.
Binary file not shown.
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user