logo

pleroma

My custom branche(s) on git.pleroma.social/pleroma/pleroma git clone https://hacktivis.me/git/pleroma.git
commit: 4f249b23977d7426c6249875b538c7a6c1b239ff
parent 9032d065e6710400420320edbee9a9ca5e490eae
Author: marcin mikołajczak <git@mkljczk.pl>
Date:   Mon, 10 Jan 2022 20:04:14 +0100

Merge remote-tracking branch 'origin/develop' into account-endorsements

Diffstat:

M.gitlab-ci.yml20+++++++++++---------
MCHANGELOG.md16++++++++++++++++
Aci/Dockerfile7+++++++
Aci/build_and_push.sh1+
Mdocs/development/API/pleroma_api.md25+++++++++++++------------
Mlib/pleroma/web/api_spec/operations/account_operation.ex20++++++++++++++++++++
Mlib/pleroma/web/mastodon_api/controllers/account_controller.ex14+++++++++++++-
Mlib/pleroma/web/router.ex2++
Mmix.exs7++-----
Mmix.lock4++--
Apriv/repo/migrations/20211229075801_user_relationships_target_id_relationship_type_index.exs7+++++++
Mtest/pleroma/web/mastodon_api/controllers/account_controller_test.exs24++++++++++++++++++++++++
Mtest/pleroma/web/rich_media/parser_test.exs4++--
Mtest/pleroma/web/streamer_test.exs1+
14 files changed, 121 insertions(+), 31 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml @@ -1,4 +1,4 @@ -image: elixir:1.9.4 +image: git.pleroma.social:5050/pleroma/pleroma/ci-base variables: &global_variables POSTGRES_DB: pleroma_test @@ -26,12 +26,7 @@ stages: before_script: - echo $MIX_ENV - rm -rf _build/*/lib/pleroma - - apt-get update && apt-get install -y cmake - - mix local.hex --force - - mix local.rebar --force - mix deps.get - - apt-get -qq update - - apt-get install -y libmagic-dev after_script: - rm -rf _build/*/lib/pleroma @@ -88,7 +83,6 @@ unit-testing: alias: postgres command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] script: - - apt-get update && apt-get install -y libimage-exiftool-perl ffmpeg - mix ecto.create - mix ecto.migrate - mix coveralls --preload-modules @@ -146,7 +140,6 @@ unit-testing-rum: <<: *global_variables RUM_ENABLED: "true" script: - - apt-get update && apt-get install -y libimage-exiftool-perl ffmpeg - mix ecto.create - mix ecto.migrate - "mix ecto.migrate --migrations-path priv/repo/optional_migrations/rum_indexing/" @@ -161,6 +154,10 @@ lint: - "**/*.exs" - "mix.lock" cache: *testing_cache_policy + before_script: + - mix local.hex --force + - mix local.rebar --force + - mix deps.get script: - mix format --check-formatted @@ -184,8 +181,13 @@ cycles: - "**/*.exs" - "mix.lock" cache: {} - script: + before_script: + - mix local.hex --force + - mix local.rebar --force - mix deps.get + - apt-get update + - apt-get install cmake libmagic-dev -y + script: - mix compile - mix xref graph --format cycles --label compile | awk '{print $0} END{exit ($0 != "No cycles found")}' diff --git a/CHANGELOG.md b/CHANGELOG.md @@ -18,11 +18,27 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Experimental support for Finch. Put `config :tesla, :adapter, {Tesla.Adapter.Finch, name: MyFinch}` in your secrets file to use it. Reverse Proxy will still use Hackney. - AdminAPI: allow moderators to manage reports, users, invites, and custom emojis - AdminAPI: restrict moderators to access sensitive data: change user credentials, get password reset token, read private statuses and chats, etc +- PleromaAPI: Add remote follow API endpoint at `POST /api/v1/pleroma/remote_interaction` +- MastoAPI: Add `GET /api/v1/accounts/lookup` +- MastoAPI: Profile Directory support +- MastoAPI: Support v2 Suggestions (handpicked accounts only) +- Ability to log slow Ecto queries by configuring `:pleroma, :telemetry, :slow_queries_logging` +- Added Phoenix LiveDashboard at `/phoenix/live_dashboard` +- Added `/manifest.json` for progressive web apps. ### Fixed - Subscription(Bell) Notifications: Don't create from Pipeline Ingested replies - Handle Reject for already-accepted Follows properly - Display OpenGraph data on alternative notice routes. +- Fix replies count for remote replies +- ChatAPI: Add link headers +- Limited number of search results to 40 to prevent DoS attacks +- ActivityPub: fixed federation of attachment dimensions +- Fixed benchmarks +- Elixir 1.13 support +- Fixed crash when pinned_objects is nil +- Fixed slow timelines when there are a lot of deactivated users +- Fixed account deletion API ### Removed diff --git a/ci/Dockerfile b/ci/Dockerfile @@ -0,0 +1,7 @@ +FROM elixir:1.9.4 + +RUN apt-get update &&\ + apt-get install -y libmagic-dev cmake libimage-exiftool-perl ffmpeg &&\ + mix local.hex --force &&\ + mix local.rebar --force + diff --git a/ci/build_and_push.sh b/ci/build_and_push.sh @@ -0,0 +1 @@ +docker buildx build --platform linux/amd64,linux/arm64,linux/arm/v7 -t git.pleroma.social:5050/pleroma/pleroma/ci-base:latest --push . diff --git a/docs/development/API/pleroma_api.md b/docs/development/API/pleroma_api.md @@ -37,7 +37,7 @@ The `/api/v1/pleroma/*` path is backwards compatible with `/api/pleroma/*` (`/ap ``` * Note: Same data as Mastodon API’s `/api/v1/custom_emojis` but in a different format -## `/api/v1/pleroma/follow_import` +## `/api/pleroma/follow_import` ### Imports your follows, for example from a Mastodon CSV file. * Method: `POST` * Authentication: required @@ -46,7 +46,7 @@ The `/api/v1/pleroma/*` path is backwards compatible with `/api/pleroma/*` (`/ap * Response: HTTP 200 on success, 500 on error * Note: Users that can't be followed are silently skipped. -## `/api/v1/pleroma/blocks_import` +## `/api/pleroma/blocks_import` ### Imports your blocks. * Method: `POST` * Authentication: required @@ -54,7 +54,7 @@ The `/api/v1/pleroma/*` path is backwards compatible with `/api/pleroma/*` (`/ap * `list`: STRING or FILE containing a whitespace-separated list of accounts to block * Response: HTTP 200 on success, 500 on error -## `/api/v1/pleroma/mutes_import` +## `/api/pleroma/mutes_import` ### Imports your mutes. * Method: `POST` * Authentication: required @@ -70,7 +70,7 @@ The `/api/v1/pleroma/*` path is backwards compatible with `/api/pleroma/*` (`/ap * Response: Provider specific JSON, the only guaranteed parameter is `type` * Example response: `{"type": "kocaptcha", "token": "whatever", "url": "https://captcha.kotobank.ch/endpoint", "seconds_valid": 300}` -## `/api/v1/pleroma/delete_account` +## `/api/pleroma/delete_account` ### Delete an account * Method `POST` * Authentication: required @@ -79,7 +79,7 @@ The `/api/v1/pleroma/*` path is backwards compatible with `/api/pleroma/*` (`/ap * Response: JSON. Returns `{"status": "success"}` if the deletion was successful, `{"error": "[error message]"}` otherwise * Example response: `{"error": "Invalid password."}` -## `/api/v1/pleroma/disable_account` +## `/api/pleroma/disable_account` ### Disable an account * Method `POST` * Authentication: required @@ -88,21 +88,22 @@ The `/api/v1/pleroma/*` path is backwards compatible with `/api/pleroma/*` (`/ap * Response: JSON. Returns `{"status": "success"}` if the account was successfully disabled, `{"error": "[error message]"}` otherwise * Example response: `{"error": "Invalid password."}` -## `/api/v1/pleroma/accounts/mfa` +## `/api/pleroma/accounts/mfa` #### Gets current MFA settings * method: `GET` * Authentication: required * OAuth scope: `read:security` -* Response: JSON. Returns `{"enabled": "false", "totp": false }` +* Response: JSON. Returns `{"settings": {"enabled": "false", "totp": false }}` +* Note: `enabled` is whether multi-factor auth is enabled for the user in general, while `totp` is one type of MFA. -## `/api/v1/pleroma/accounts/mfa/setup/totp` +## `/api/pleroma/accounts/mfa/setup/totp` #### Pre-setup the MFA/TOTP method * method: `GET` * Authentication: required * OAuth scope: `write:security` * Response: JSON. Returns `{"key": [secret_key], "provisioning_uri": "[qr code uri]" }` when successful, otherwise returns HTTP 422 `{"error": "error_msg"}` -## `/api/v1/pleroma/accounts/mfa/confirm/totp` +## `/api/pleroma/accounts/mfa/confirm/totp` #### Confirms & enables MFA/TOTP support for user account. * method: `POST` * Authentication: required @@ -113,7 +114,7 @@ The `/api/v1/pleroma/*` path is backwards compatible with `/api/pleroma/*` (`/ap * Response: JSON. Returns `{}` if the enable was successful, HTTP 422 `{"error": "[error message]"}` otherwise -## `/api/v1/pleroma/accounts/mfa/totp` +## `/api/pleroma/accounts/mfa/totp` #### Disables MFA/TOTP method for user account. * method: `DELETE` * Authentication: required @@ -123,7 +124,7 @@ The `/api/v1/pleroma/*` path is backwards compatible with `/api/pleroma/*` (`/ap * Response: JSON. Returns `{}` if the disable was successful, HTTP 422 `{"error": "[error message]"}` otherwise * Example response: `{"error": "Invalid password."}` -## `/api/v1/pleroma/accounts/mfa/backup_codes` +## `/api/pleroma/accounts/mfa/backup_codes` #### Generstes backup codes MFA for user account. * method: `GET` * Authentication: required @@ -331,7 +332,7 @@ See [Admin-API](admin_api.md) } ``` -## `/api/v1/pleroma/change_email` +## `/api/pleroma/change_email` ### Change account email * Method `POST` * Authentication: required diff --git a/lib/pleroma/web/api_spec/operations/account_operation.ex b/lib/pleroma/web/api_spec/operations/account_operation.ex @@ -428,6 +428,26 @@ defmodule Pleroma.Web.ApiSpec.AccountOperation do } end + def lookup_operation do + %Operation{ + tags: ["Account lookup"], + summary: "Find a user by nickname", + operationId: "AccountController.lookup", + parameters: [ + Operation.parameter( + :acct, + :query, + :string, + "User nickname" + ) + ], + responses: %{ + 200 => Operation.response("Account", "application/json", Account), + 404 => Operation.response("Error", "application/json", ApiError) + } + } + end + def endorsements_operation do %Operation{ tags: ["Retrieve account information"], diff --git a/lib/pleroma/web/mastodon_api/controllers/account_controller.ex b/lib/pleroma/web/mastodon_api/controllers/account_controller.ex @@ -32,7 +32,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountController do plug(Pleroma.Web.ApiSpec.CastAndValidate) - plug(:skip_auth when action == :create) + plug(:skip_auth when action in [:create, :lookup]) plug(:skip_public_check when action in [:show, :statuses]) @@ -510,6 +510,18 @@ defmodule Pleroma.Web.MastodonAPI.AccountController do |> render("index.json", users: users, for: user, as: :user) end + @doc "GET /api/v1/accounts/lookup" + def lookup(conn, %{acct: nickname} = _params) do + with %User{} = user <- User.get_by_nickname(nickname) do + render(conn, "show.json", + user: user, + skip_visibility_check: true + ) + else + error -> user_visibility_error(conn, error) + end + end + @doc "GET /api/v1/endorsements" def endorsements(%{assigns: %{user: user}} = conn, params) do users = diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex @@ -588,6 +588,8 @@ defmodule Pleroma.Web.Router do get("/accounts/search", SearchController, :account_search) get("/search", SearchController, :search) + get("/accounts/lookup", AccountController, :lookup) + get("/accounts/:id/statuses", AccountController, :statuses) get("/accounts/:id/followers", AccountController, :followers) get("/accounts/:id/following", AccountController, :following) diff --git a/mix.exs b/mix.exs @@ -149,8 +149,7 @@ defmodule Pleroma.Mixfile do git: "https://github.com/msantos/crypt.git", ref: "f75cd55325e33cbea198fb41fe41871392f8fb76"}, {:cors_plug, "~> 2.0"}, - {:web_push_encryption, - git: "https://github.com/lanodan/elixir-web-push-encryption.git", branch: "bugfix/otp-24"}, + {:web_push_encryption, "~> 0.3.1"}, {:swoosh, "~> 1.0"}, {:phoenix_swoosh, "~> 0.3"}, {:gen_smtp, "~> 0.13"}, @@ -183,9 +182,7 @@ defmodule Pleroma.Mixfile do {:ex_const, "~> 0.2"}, {:plug_static_index_html, "~> 1.0.0"}, {:flake_id, "~> 0.1.0"}, - {:concurrent_limiter, - git: "https://git.pleroma.social/pleroma/elixir-libraries/concurrent_limiter.git", - ref: "d81be41024569330f296fc472e24198d7499ba78"}, + {:concurrent_limiter, "~> 0.1.1"}, {:remote_ip, git: "https://git.pleroma.social/pleroma/remote_ip.git", ref: "b647d0deecaa3acb140854fe4bda5b7e1dc6d1c8"}, diff --git a/mix.lock b/mix.lock @@ -14,7 +14,7 @@ "certifi": {:hex, :certifi, "2.8.0", "d4fb0a6bb20b7c9c3643e22507e42f356ac090a1dcea9ab99e27e0376d695eba", [:rebar3], [], "hexpm", "6ac7efc1c6f8600b08d625292d4bbf584e14847ce1b6b5c44d983d273e1097ea"}, "combine": {:hex, :combine, "0.10.0", "eff8224eeb56498a2af13011d142c5e7997a80c8f5b97c499f84c841032e429f", [:mix], [], "hexpm", "1b1dbc1790073076580d0d1d64e42eae2366583e7aecd455d1215b0d16f2451b"}, "comeonin": {:hex, :comeonin, "5.3.2", "5c2f893d05c56ae3f5e24c1b983c2d5dfb88c6d979c9287a76a7feb1e1d8d646", [:mix], [], "hexpm", "d0993402844c49539aeadb3fe46a3c9bd190f1ecf86b6f9ebd71957534c95f04"}, - "concurrent_limiter": {:git, "https://git.pleroma.social/pleroma/elixir-libraries/concurrent_limiter.git", "d81be41024569330f296fc472e24198d7499ba78", [ref: "d81be41024569330f296fc472e24198d7499ba78"]}, + "concurrent_limiter": {:hex, :concurrent_limiter, "0.1.1", "43ae1dc23edda1ab03dd66febc739c4ff710d047bb4d735754909f9a474ae01c", [:mix], [{:telemetry, "~> 0.3", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "53968ff238c0fbb4d7ed76ddb1af0be6f3b2f77909f6796e249e737c505a16eb"}, "connection": {:hex, :connection, "1.1.0", "ff2a49c4b75b6fb3e674bfc5536451607270aac754ffd1bdfe175abe4a6d7a68", [:mix], [], "hexpm", "722c1eb0a418fbe91ba7bd59a47e28008a189d47e37e0e7bb85585a016b2869c"}, "cors_plug": {:hex, :cors_plug, "2.0.3", "316f806d10316e6d10f09473f19052d20ba0a0ce2a1d910ddf57d663dac402ae", [:mix], [{:plug, "~> 1.8", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "ee4ae1418e6ce117fc42c2ba3e6cbdca4e95ecd2fe59a05ec6884ca16d469aea"}, "cowboy": {:hex, :cowboy, "2.9.0", "865dd8b6607e14cf03282e10e934023a1bd8be6f6bacf921a7e2a96d800cd452", [:make, :rebar3], [{:cowlib, "2.11.0", [hex: :cowlib, repo: "hexpm", optional: false]}, {:ranch, "1.8.0", [hex: :ranch, repo: "hexpm", optional: false]}], "hexpm", "2c729f934b4e1aa149aff882f57c6372c15399a20d54f65c8d67bef583021bde"}, @@ -133,6 +133,6 @@ "ueberauth": {:hex, :ueberauth, "0.6.3", "d42ace28b870e8072cf30e32e385579c57b9cc96ec74fa1f30f30da9c14f3cc0", [:mix], [{:plug, "~> 1.5", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "afc293d8a1140d6591b53e3eaf415ca92842cb1d32fad3c450c6f045f7f91b60"}, "unicode_util_compat": {:hex, :unicode_util_compat, "0.7.0", "bc84380c9ab48177092f43ac89e4dfa2c6d62b40b8bd132b1059ecc7232f9a78", [:rebar3], [], "hexpm", "25eee6d67df61960cf6a794239566599b09e17e668d3700247bc498638152521"}, "unsafe": {:hex, :unsafe, "1.0.1", "a27e1874f72ee49312e0a9ec2e0b27924214a05e3ddac90e91727bc76f8613d8", [:mix], [], "hexpm", "6c7729a2d214806450d29766abc2afaa7a2cbecf415be64f36a6691afebb50e5"}, - "web_push_encryption": {:git, "https://github.com/lanodan/elixir-web-push-encryption.git", "026a043037a89db4da8f07560bc8f9c68bcf0cc0", [branch: "bugfix/otp-24"]}, + "web_push_encryption": {:hex, :web_push_encryption, "0.3.1", "76d0e7375142dfee67391e7690e89f92578889cbcf2879377900b5620ee4708d", [:mix], [{:httpoison, "~> 1.0", [hex: :httpoison, repo: "hexpm", optional: false]}, {:jose, "~> 1.11.1", [hex: :jose, repo: "hexpm", optional: false]}], "hexpm", "4f82b2e57622fb9337559058e8797cb0df7e7c9790793bdc4e40bc895f70e2a2"}, "websocket_client": {:git, "https://github.com/jeremyong/websocket_client.git", "9a6f65d05ebf2725d62fb19262b21f1805a59fbf", []}, } diff --git a/priv/repo/migrations/20211229075801_user_relationships_target_id_relationship_type_index.exs b/priv/repo/migrations/20211229075801_user_relationships_target_id_relationship_type_index.exs @@ -0,0 +1,7 @@ +defmodule Pleroma.Repo.Migrations.UserRelationshipsTargetIdRelationshipTypeIndex do + use Ecto.Migration + + def change do + create_if_not_exists(index(:user_relationships, [:target_id, :relationship_type])) + end +end diff --git a/test/pleroma/web/mastodon_api/controllers/account_controller_test.exs b/test/pleroma/web/mastodon_api/controllers/account_controller_test.exs @@ -1798,6 +1798,30 @@ defmodule Pleroma.Web.MastodonAPI.AccountControllerTest do assert [%{"id" => ^id2}] = result end + test "account lookup", %{conn: conn} do + %{nickname: acct} = insert(:user, %{nickname: "nickname"}) + %{nickname: acct_two} = insert(:user, %{nickname: "nickname@notlocaldoma.in"}) + + result = + conn + |> get("/api/v1/accounts/lookup?acct=#{acct}") + |> json_response_and_validate_schema(200) + + assert %{"acct" => ^acct} = result + + result = + conn + |> get("/api/v1/accounts/lookup?acct=#{acct_two}") + |> json_response_and_validate_schema(200) + + assert %{"acct" => ^acct_two} = result + + _result = + conn + |> get("/api/v1/accounts/lookup?acct=unexisting_nickname") + |> json_response_and_validate_schema(404) + end + test "create a note on a user" do %{conn: conn} = oauth_access(["write:accounts", "read:follows"]) other_user = insert(:user) diff --git a/test/pleroma/web/rich_media/parser_test.exs b/test/pleroma/web/rich_media/parser_test.exs @@ -133,13 +133,13 @@ defmodule Pleroma.Web.RichMedia.ParserTest do assert Parser.parse("http://example.com/oembed") == {:ok, %{ - "author_name" => "‮‭‬bees‬", + "author_name" => "\u202E\u202D\u202Cbees\u202C", "author_url" => "https://www.flickr.com/photos/bees/", "cache_age" => 3600, "flickr_type" => "photo", "height" => "768", "html" => - "<a data-flickr-embed=\"true\" href=\"https://www.flickr.com/photos/bees/2362225867/\" title=\"Bacon Lollys by ‮‭‬bees‬, on Flickr\"><img src=\"https://farm4.staticflickr.com/3040/2362225867_4a87ab8baf_b.jpg\" width=\"1024\" height=\"768\" alt=\"Bacon Lollys\"></a><script async src=\"https://embedr.flickr.com/assets/client-code.js\" charset=\"utf-8\"></script>", + "<a data-flickr-embed=\"true\" href=\"https://www.flickr.com/photos/bees/2362225867/\" title=\"Bacon Lollys by \u202E\u202D\u202Cbees\u202C, on Flickr\"><img src=\"https://farm4.staticflickr.com/3040/2362225867_4a87ab8baf_b.jpg\" width=\"1024\" height=\"768\" alt=\"Bacon Lollys\"></a><script async src=\"https://embedr.flickr.com/assets/client-code.js\" charset=\"utf-8\"></script>", "license" => "All Rights Reserved", "license_id" => 0, "provider_name" => "Flickr", diff --git a/test/pleroma/web/streamer_test.exs b/test/pleroma/web/streamer_test.exs @@ -772,6 +772,7 @@ defmodule Pleroma.Web.StreamerTest do refute_receive _ end + @tag :erratic test "it sends conversation update to the 'direct' stream when a message is deleted", %{ user: user, token: oauth_token