Thomas Citharel
4d0a51221a
Fix typo in CSP Report-To header name
The header name was Report-To, not Reply-To.
In any case, that's now being changed to the Reporting-Endpoints HTTP
Response Header.
https://w3c.github.io/reporting/#header
https://github.com/w3c/reporting/issues/177
CanIUse says the Report-To header is still supported by current Chrome
and friends.
https://caniuse.com/mdn-http_headers_report-to
It doesn't have any data for the Reporting-Endpoints HTTP header, but
this article says Chrome 96 supports it.
https://web.dev/reporting-api/
(Even though that came out one year ago, that's not compatible with
Network Error Logging, which is still using the Report-To version of the
API)
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2022-11-04 15:02:13 +01:00
FloatingGhost
03662501c3
Check that the signature matches the creator
2022-10-14 11:48:32 +01:00
Hélène
1acd38fe7f
OAuthPlug: use user cache instead of joining
As this plug is called on every request, this should reduce load on the
database by not requiring to select on the users table every single
time, and to instead use the by-ID user cache whenever possible.
2022-09-11 19:55:55 +01:00
floatingghost
772c209914
GTS: cherry-picks and collection usage (#186)
https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3725?commit_id=61254111e59f02118cad15de49d1e0704c07030e
what is this, a yoink of a yoink? good times
Co-authored-by: Hélène <pleroma-dev@helene.moe>
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/186
2022-08-27 18:05:48 +00:00
FloatingGhost
8d7b63a766
Revert "Fix oauth2 (for real) (#179)"
This reverts commit aa681d7e15.
2022-08-21 17:52:02 +01:00
floatingghost
aa681d7e15
Fix oauth2 (for real) (#179)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/179
2022-08-21 16:24:37 +00:00
FloatingGhost
b0130bfa7b
Revert "oauth2 fixes (#177)"
This reverts commit 429e2ac832.
2022-08-21 16:22:15 +01:00
floatingghost
429e2ac832
oauth2 fixes (#177)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/177
2022-08-21 14:46:52 +00:00
FloatingGhost
55179d4214
set soapbox-fe v2 by default
fixes #157
2022-08-11 10:25:03 +01:00
floatingghost
ec162b496b
/notice signing checks on redirect (#150)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/150
2022-08-05 19:31:32 +00:00
FloatingGhost
d598c7a834
remove anonymous function from plug
2022-07-14 11:17:14 +01:00
floatingghost
37ae047e16
Add swaggerUI options (#66)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/66
2022-07-13 15:09:35 +00:00
floatingghost
364b6969eb
Use finch everywhere (#33)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/33
2022-07-04 16:30:38 +00:00
Tusooa Zhu
3fd87b6a75
Skip cache when /objects or /activities is authenticated
Ref: fix-local-public
2022-06-29 20:47:27 +01:00
Tusooa Zhu
932e5df19e
Allow to skip cache in Cache plug
Ref: fix-local-public
2022-06-29 20:47:26 +01:00
Tusooa Zhu
07bd35227a
Support multiple locales from userLanguage cookie
2022-06-29 20:47:10 +01:00
Tusooa Zhu
fa95bc8725
Support multiple locales formally
elixir gettext currently does not fully support fallback to another language [0].
But it might in the future. We adapt it so that all languages in Accept-Language
headers are received by Pleroma.Web.Gettext. User.languages is now a comma-separated
list.
[0]: https://github.com/elixir-gettext/gettext/issues/303
2022-06-29 20:47:10 +01:00
Tusooa Zhu
ef73f61b07
Fallback to a variant if the language in general is not supported
For an example, here, zh is not supported, but zh_Hans and zh_Hant
are. If the user asks for zh, we should choose a variant for them
instead of falling back to the default.
Some browsers (e.g. Firefox) do not allow users to customize
their language codes. For example, there is no zh-Hans, but only
zh, zh-CN, zh-TW, zh-HK, etc. This provides a workaround for
those users suffering from bad design decisions.
2022-06-29 20:47:10 +01:00
Tusooa Zhu
72bdb0640f
Allow user to register with custom language
2022-06-29 20:46:51 +01:00
Tusooa Zhu
7726148472
Send emails i18n'd using backend-stored user language
2022-06-29 20:45:19 +01:00
Tusooa Zhu
8f08c902a5
Make lint happy
2022-06-29 20:44:16 +01:00
Tusooa Zhu
775f997c40
Prefer userLanguage cookie over Accept-Language header in detecting locale
https://git.pleroma.social/pleroma/pleroma-meta/-/issues/60
2022-06-29 20:43:41 +01:00
FloatingGhost
502382da45
cherry-pick security from upstream
2022-06-22 16:25:05 +01:00
Alex Gleason
138f5a4517
EnsureStaffPrivilegedPlug: don't let non-moderators through
2021-12-27 17:18:26 -06:00
Alibek Omarov
f02715c4b2
Fix lint errors
2021-12-27 03:42:03 +03:00
Alibek Omarov
cd1041c3a4
API: optionally restrict moderators from accessing sensitive data
2021-12-27 02:27:48 +03:00
Alex Gleason
44ede0657f
Merge remote-tracking branch 'pleroma/develop' into staff-plug
2021-08-04 11:48:57 -05:00
Alex Gleason
9bc1e79c56
Moderators: add UserIsStaffPlug
2021-07-12 21:57:52 -05:00
Alex Gleason
595bca24ad
Merge remote-tracking branch 'pleroma/develop' into cycles-frontend-static
2021-05-30 12:12:58 -05:00
Alex Gleason
721c966842
FrontendStatic: make Router a runtime dep
Speeds up recompilation by removing compile-time cycles
2021-05-30 12:12:16 -05:00
Alex Gleason
39127f15eb
Merge remote-tracking branch 'pleroma/develop' into cycles-router-api-routes
2021-05-28 13:51:21 -05:00
Alex Gleason
c23b81e399
Pleroma.Web.get_api_routes/0 --> Pleroma.Web.Router.get_api_routes/0
Reduce recompilation time by breaking compile-time cycles
2021-05-28 13:51:01 -05:00
Sean King
2b4f958b2a
Add opting out of Google FLoC to HTTPSecurityPlug headers
2021-04-18 14:00:18 -06:00
Mark Felder
1552179792
Improved recursion through the api route list
2021-02-25 10:07:29 -06:00
Mark Felder
cea31df6a6
Attempt to filter out API calls from FrontendStatic plug
2021-02-24 15:27:53 -06:00
rinpatch
2ab9499258
OAuthScopesPlug: remove transform_scopes in favor of explicit admin scope definitions
Transforming scopes is no longer necessary since we are dropping
support for accessing admin api without `admin:` prefix in scopes.
2021-02-17 21:37:23 +03:00
Ivan Tashkinov
df89b5019b
[#2510] Improved support for app-bound OAuth tokens. Auth-related refactoring.
2021-02-11 15:02:50 +03:00
Egor Kislitsyn
793fc77b16
Add active user count
2021-01-27 18:20:06 +04:00
eugenijm
7fcaa188a0
Allow to define custom HTTP headers per each frontend
2021-01-21 21:55:23 +03:00
eugenijm
133644dfa2
Ability to set the Service-Worker-Allowed header
2021-01-21 21:55:11 +03:00
Lain Soykaf
39f3683a06
Pbkdf2: Use it everywhere.
2021-01-14 15:06:16 +01:00
lain
9106048c61
Password: Replace Pbkdf2 with Password.
2021-01-13 15:11:11 +01:00
Haelwenn (lanodan) Monnier
c4439c630f
Bump Copyright to 2021
grep -rl '# Copyright © .* Pleroma' * | xargs sed -i 's;Copyright © .* Pleroma .*;Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>;'
2021-01-13 07:49:50 +01:00
Mark Felder
86dcfb4eb9
More places we should be using Upload.base_url
2021-01-08 17:32:42 -06:00
Mark Felder
d69c78ceb9
Remove configurability of upload proxy opts, simplify
2021-01-05 15:06:00 -06:00
lain
713612c377
Cachex: Make caching provider switchable at runtime.
Defaults to Cachex.
2020-12-18 17:44:46 +01:00
Ivan Tashkinov
e9859b68fc
[#3112] Ensured presence and consistency of :user and :token assigns (EnsureUserTokenAssignsPlug). Refactored auth info dropping functions.
2020-12-06 13:59:10 +03:00
Ivan Tashkinov
50e47a215f
Merge remote-tracking branch 'remotes/origin/develop' into auth-improvements
2020-11-28 21:51:27 +03:00
Alexander Strizhakov
6aadb1cb40
digest algorithm is taken from header
2020-11-27 08:10:52 +03:00
Ivan Tashkinov
12a5981cc3
Session token setting on token exchange. Auth-related refactoring.
2020-11-25 21:47:23 +03:00
Ivan Tashkinov
ccc2cf0e87
Session-based OAuth auth fixes (token expiration check), refactoring, tweaks.
2020-11-21 19:47:25 +03:00
Ivan Tashkinov
04f6b48ac1
Auth subsystem refactoring and tweaks.
Added proper OAuth skipping for SessionAuthenticationPlug. Integrated LegacyAuthenticationPlug into AuthenticationPlug. Adjusted tests & docs.
2020-10-31 13:38:35 +03:00
Maksim Pechnikov
d28f72a55a
FrontStatic plug: excluded invalid url
2020-10-27 22:59:27 +03:00
Alexander Strizhakov
b081080dd9
fixes after rebase
2020-10-13 16:44:02 +03:00
Alexander Strizhakov
1d0e130cb3
fixes after rebase
2020-10-13 16:44:02 +03:00
Alexander Strizhakov
9f4fe5485b
alias alphabetically order
2020-10-13 16:43:59 +03:00
Alexander Strizhakov
3ef4e9d170
AdminSecretAuthenticationPlug module name
2020-10-13 16:43:58 +03:00
Alexander Strizhakov
c497558d43
AuthenticationPlug module name
2020-10-13 16:43:58 +03:00
Alexander Strizhakov
c1777e7479
BasicAuthDecoderPlug module name
2020-10-13 16:43:58 +03:00
Alexander Strizhakov
970932689f
DigestPlug rename
2020-10-13 16:43:57 +03:00
Alexander Strizhakov
66e0b0065b
Cache plug module name
2020-10-13 16:43:57 +03:00
Alexander Strizhakov
c6baa811d6
EnsureAuthenticatedPlug module name
2020-10-13 16:43:57 +03:00
Alexander Strizhakov
011525a3d1
EnsurePublicOrAuthenticatedPlug module name
2020-10-13 16:43:57 +03:00
Alexander Strizhakov
8e301a4c37
EnsureUserKeyPlug module name
2020-10-13 16:43:56 +03:00
Alexander Strizhakov
d6cb1a3b46
ExpectAuthenticatedCheckPlug module name
2020-10-13 16:43:56 +03:00
Alexander Strizhakov
99e4ed21b1
ExpectPublicOrAuthenticatedCheckPlug module name
2020-10-13 16:43:56 +03:00
Alexander Strizhakov
8c993c5f63
FederatingPlug module name
2020-10-13 16:43:55 +03:00
Alexander Strizhakov
abc3c7689b
HTTPSecurityPlug module name and filename
2020-10-13 16:43:55 +03:00
Alexander Strizhakov
5cd7030076
IdempotencyPlug module name
2020-10-13 16:43:55 +03:00
Alexander Strizhakov
8dfaa54ffc
InstanceStatic module name
2020-10-13 16:43:55 +03:00
Alexander Strizhakov
e2332d92ce
LegacyAuthenticationPlug module name
2020-10-13 16:43:54 +03:00
Alexander Strizhakov
96d320bdfe
OAuthPlug module name
2020-10-13 16:43:54 +03:00
Alexander Strizhakov
a6d8cef33e
OAuthScopesPlug module name
2020-10-13 16:43:54 +03:00
Alexander Strizhakov
15772fda57
PlugHelper module name
2020-10-13 16:43:53 +03:00
Alexander Strizhakov
4b1863ca4e
RateLimiter module name
2020-10-13 16:43:53 +03:00
Alexander Strizhakov
3be8ab5103
RemoteIp module name
2020-10-13 16:43:50 +03:00
Alexander Strizhakov
4b4c0eef36
SessionAuthenticationPlug module name
2020-10-13 16:42:53 +03:00
Alexander Strizhakov
8249b75761
SetFormatPlug module name
2020-10-13 16:42:53 +03:00
Alexander Strizhakov
c97c7d982f
SetLocalePlug module name
2020-10-13 16:42:52 +03:00
Alexander Strizhakov
f7614d4718
SetUserSessionIdPlug module name
2020-10-13 16:42:52 +03:00
Alexander Strizhakov
d36c9e210a
StaticFEPlug module name
2020-10-13 16:42:52 +03:00
Alexander Strizhakov
a07688deb1
TrailingFormatPlug module name
2020-10-13 16:42:51 +03:00
Alexander Strizhakov
a5987155f7
UploadedMedia module name
2020-10-13 16:42:51 +03:00
Alexander Strizhakov
ebd6dd7c53
UserEnabledPlug module name
2020-10-13 16:42:51 +03:00
Alexander Strizhakov
61c609884c
UserFetcherPlug module name
2020-10-13 16:42:51 +03:00
Alexander Strizhakov
1d16cd0c3d
UserIsAdminPlug module name
2020-10-13 16:42:50 +03:00
Alexander Strizhakov
e267991a44
renaming LimiterSupervisor
2020-10-13 16:42:48 +03:00
Alexander Strizhakov
6a87f94ee2
renaming ratelimiter supervisor
2020-10-13 16:38:48 +03:00
Alexander Strizhakov
2501793f81
moving plugs into web dir
2020-10-13 16:38:19 +03:00