Commit graph

138 commits

Author SHA1 Message Date
fdb-hiroshima
5579f64dd0
update dependancies (#574)
[Security] Bump ammonia from 2.0.0 to 2.1.1
Bump bcrypt from 0.2.2 to 0.4.0
Bump clap from 2.32.0 to 2.33.0
Bump colored from 1.7.0 to 1.8.0
Bump ctrlc from 3.1.1 to 3.1.2
Bump diesel from 1.4.1 to 1.4.2
Bump dotenv from 0.13.0 to 0.14.0
Bump hyper from 0.12.25 to 0.12.28
Bump openssl from 0.10.19 to 0.10.22
Bump proc-macro2 from 0.4.27 to 0.4.30
Bump reqwest from 0.9.11 to 0.9.16
Bump rpassword from 2.1.0 to 3.0.2
Bump serde_derive from 1.0.80 to 1.0.82
Bump serde_derive from 1.0.89 to 1.0.91
Bump serde from 1.0.89 to 1.0.91
Bump serde_qs from 0.4.5 to 0.4.6
Bump stdweb from 0.4.14 to 0.4.17
Bump syn from 0.11.11 to 0.15.27
Bump whatlang from 0.7.0 to 0.7.1
2019-05-12 10:41:47 +02:00
fdb-hiroshima
49bb8cb0bc
import migrations and don't require diesel_cli for admins (#555)
* import migrations via macro

* panic on database not to the latest migration

* add subcommand to plm

* create migration that run tantivy index creation

* remove diesel_cli from places it was

* use our migration system for tests

* create table __diesel_schema_migrations if needed
2019-04-29 16:30:20 +02:00
Baptiste Gelez
ec57f1e687
Remove Canapi (#540)
* Remove Canapi

It added more complexity than it helped.

* Fail if there are many blog, but none was specified

* cargo fmt
2019-04-28 22:17:21 +01:00
Baptiste Gelez
787eb7f399
Federate user deletion (#551)
* Federate user deletion

- When someone deletes their account
- When a local user is banned

Fixes #509

* cargo fmt
2019-04-28 18:01:41 +01:00
Baptiste Gelez
68dd8602b2
New Crowdin translations (#479)
Enjoy!
2019-04-19 13:59:03 +01:00
fdb-hiroshima
0d708e1639 Add support for remote interact (#519)
Add support for remote interaction ([this thing](https://eldritch.cafe/users/Barmaid/remote_follow) in mastodon)

- [x] create the endpoint dispatching remote interactions to local pages
- [x] add this endpoint to web-finger
- [x] propose remote interaction when following and not connected
- [x] propose remote interaction when liking/sharing and not connected
- [x] propose remote interaction when commenting and not connected
- [x] fetch posts/comments we don't know but remote interaction was requested for ?
2019-04-17 21:09:07 +01:00
Baptiste Gelez
12efe721cc
Big refactoring of the Inbox (#443)
* Big refactoring of the Inbox

We now have a type that routes an activity through the registered handlers
until one of them matches.

Each Actor/Activity/Object combination is represented by an implementation of AsObject

These combinations are then registered on the Inbox type, which will try to deserialize
the incoming activity in the requested types.

Advantages:
- nicer syntax: the final API is clearer and more idiomatic
- more generic: only two traits (`AsActor` and `AsObject`) instead of one for each kind of activity
- it is easier to see which activities we handle and which one we don't

* Small fixes

- Avoid panics
- Don't search for AP ID infinitely
- Code style issues

* Fix tests

* Introduce a new trait: FromId

It should be implemented for any AP object.

It allows to look for an object in database using its AP ID, or to dereference it if it was not present in database

Also moves the inbox code to plume-models to test it (and write a basic test for each activity type we handle)

* Use if let instead of match

* Don't require PlumeRocket::intl for tests

* Return early and remove a forgotten dbg!

* Add more tests to try to understand where the issues come from

* Also add a test for comment federation

* Don't check creation_date is the same for blogs

* Make user and blog federation more tolerant to errors/missing fields

* Make clippy happy

* Use the correct Accept header when dereferencing

* Fix follow approval with Mastodon

* Add spaces to characters that should not be in usernames

And validate blog names too

* Smarter dereferencing: only do it once for each actor/object

* Forgot some files

* Cargo fmt

* Delete plume_test

* Delete plume_tests

* Update get_id docs + Remove useless : Sized

* Appease cargo fmt

* Remove dbg! + Use as_ref instead of clone when possible + Use and_then instead of map when possible

* Remove .po~

* send unfollow to local instance

* read cover from update activity

* Make sure "cc" and "to" are never empty

and fix a typo in a constant name

* Cargo fmt
2019-04-17 18:31:47 +01:00
fdb-hiroshima
26fc2cde5d
use circleci instead of travis (#511)
Upgrade rust-toolchain
Upgrade Tantivy
Warning: tantivy now use a different file format, search index may need to be deleted and recreated to work as intended
try to run compile twice in a row because sometime oomk is evil
2019-04-01 20:28:23 +02:00
fdb-hiroshima
ace6181c99
Allow to change logo from .env (#497)
Fix #273
2019-03-21 11:51:41 +01:00
Atul Bhosale
b945d1f602 Run 'cargo fmt' to format code (#489) 2019-03-20 17:56:17 +01:00
Baptiste Gelez
9076dbaadc
New editor (#458)
With this PR, when JS is activated and WASM supported, the article editor will be dynamically replaced with `contenteditable`s elements. This makes the editing interface simpler and less like a regular form. It will also allow us to easily add visual formatting with native browser APIs (and to insert images or videos directly). Here is a little demo:

![peek 05-03-2019 16-12](https://user-images.githubusercontent.com/16254623/53815536-1dc05680-3f62-11e9-94d3-b363ed84eb97.gif)

There is still a lot to do, but it is a good first step.

Fixes #255
2019-03-15 16:06:10 +01:00
Baptiste Gelez
42dca3daae
Remove some unused #[derive] (#473)
We used to need them, probably when we were using Tera.
2019-03-12 19:40:54 +01:00
Baptiste Gelez
9b48b8a846
Update dependencies (#456)
(whatlang especially, since it received an update that removes many build dependencies, making our total dependency count go from 512 to 478)
2019-03-04 20:46:26 +01:00
Baptiste Gelez
a2b9d7ec44
Password reset (#448)
* Password reset

* Various improvements and fixes for password reset

- Reorganize src/mail.rs to make it  cleaner
- add a build_mail function
- only make the requests invalid after 2 hours
- avoid infintely-growing list of requests by deleting them once completed, or after 24 hours
- avoid sending many requests for the same user
- validate the password reset form

* Avoid locking so many times

Fix durations

* Remove old requests even if the current one is not valid

* Remove unused feature

* Also remove the custom_derive and plugin features while we are at it

* Forgot a 0 è_é

* Avoid panicking while owning a request lock

* Use master branch of lettre so that we can build with the latest OpenSSL

* Fix the debug mailer
2019-02-27 13:29:26 +01:00
fdb-hiroshima
64d1944715
Upgrade tantivy to 0.8.2 (#445)
Fix arm build
2019-02-14 08:46:37 +01:00
Baptiste Gelez
77bfe635d7
Update dependencies (#440) 2019-02-13 13:39:30 +01:00
Baptiste Gelez
7eef4643c8
Update rocket_i18n and add gettext_macros (#431)
Internationalization now uses proc-macros that generate the .pot file
automatically.
2019-02-02 15:23:50 +01:00
fdb-hiroshima
944a9d08a7
Update dependencies (#428)
* Bump serde from 1.0.82 to 1.0.84
* Bump ructe from 0.5.4 to 0.5.6
* Bump colored from 1.6.1 to 1.7.0
* Bump itertools from 0.7.11 to 0.8.0
* Bump ammonia from 1.2.0 to 2.0.0
* Bump hyper from 0.12.19 to 0.12.20
* Bump serde_derive from 1.0.80 to 1.0.84
* Bump stdweb from 0.4.12 to 0.4.13
* Bump rsass from 0.9.4 to 0.9.6
* Bump failure from 0.1.3 to 0.1.5
* Bump reqwest from 0.9.5 to 0.9.8
* Bump serde_derive from 0.7.1 to 0.8.0
2019-01-18 19:22:36 +01:00
Baptiste Gelez
3fce5d6a14
Use Rust for the front-end too (#374)
Rust can compile to WASM, so let's use it for front-end code as well.

To compile the front-end:

```
cargo install cargo-web
cargo web deploy -p plume-front
```
2018-12-25 11:51:40 +01:00
Baptiste Gelez
4ec2480f50
Post creation API (#307) 2018-12-24 16:42:40 +01:00
Baptiste Gelez
9e799f2cf2
Use SCSS (#355)
- Use variables
- Split everything in various files

The SCSS is compiled with `cargo build`/`run`

I also fixed a few visual issues.
2018-12-15 22:06:27 +01:00
Trinity Pointard
21fe63665d Upgrade rocket_csrf
Fix #346
2018-12-13 10:22:43 +01:00
fdb-hiroshima
e1ecc7289f
Upgrade plume dependencies (#332)
* Bump base64 from 0.9.3 to 0.10.0
* Bump bcrypt from 0.2.0 to 0.2.1
* Bump canapi from 0.1.0 to 0.2.0
* Bump failure from 0.1.2 to 0.1.3
* Bump hyper from 0.11.27 to 0.12.11
* Bump hyper from 0.11.27 to 0.12.16
* Bump lazy_static from 1.1.0 to 1.2.0
* Bump multipart from 0.15.3 to 0.15.4
* Bump openssl from 0.10.12 to 0.10.15
* Bump pulldown-cmark from 0.1.2 to 0.2.0
* Bump reqwest from 0.9.2 to 0.9.5
* Bump rocket from 0.4.0-rc.1 to 0.4.0
* Bump rpassword from 2.0.0 to 2.1.0
* Bump ructe from 0.5.2 to 0.5.4
* Bump serde_derive from 1.0.79 to 1.0.80
* Bump serde from 1.0.79 to 1.0.80
* Bump serde_json from 1.0.32 to 1.0.33
* Bump tera from 0.11.17 to 0.11.20
* Bump url from 1.7.1 to 1.7.2
* Bump validator to from 0.7.2 to 0.8.0
* Bump validator_derive from 0.7.2 to 0.8.0
* Bump whatlang from 0.5.0 to 0.6.0
* Remove hyper from plume-common dependencies
* Remove rpassword from Plume dependancies
* Upgrade compiler to nightly-2018-12-06
2018-12-07 21:00:12 +01:00
Baptiste Gelez
70af57c6e1
Use Ructe (#327)
All the template are now compiled at compile-time with the `ructe` crate.

I preferred to use it instead of askama because it allows more complex Rust expressions, where askama only supports a small subset of expressions and doesn't allow them everywhere (for instance, `{{ macro!() | filter }}` would result in a parsing error).

The diff is quite huge, but there is normally no changes in functionality.

Fixes #161 and unblocks #110 and #273
2018-12-06 18:54:16 +01:00
fdb-hiroshima
449641d158
Add a search engine into Plume (#324)
* Add search engine to the model

Add a Tantivy based search engine to the model
Implement most required functions for it

* Implement indexing and plm subcommands

Implement indexation on insert, update and delete
Modify func args to get the indexer where required
Add subcommand to initialize, refill and unlock search db

* Move to a new threadpool engine allowing scheduling

* Autocommit search index every half an hour

* Implement front part of search

Add default fields for search
Add new routes and templates for search and result
Implement FromFormValue for Page to reuse it on search result pagination
Add optional query parameters to paginate template's macro
Update to newer rocket_csrf, don't get csrf token on GET forms

* Handle process termination to release lock

Handle process termination
Add tests to search

* Add proper support for advanced search

Add an advanced search form to /search, in template and route
Modify Tantivy schema, add new tokenizer for some properties
Create new String query parser
Create Tantivy query AST from our own

* Split search.rs, add comment and tests

Split search.rs into multiple submodules
Add comments and tests for Query
Make user@domain be treated as one could assume
2018-12-02 17:37:51 +01:00
Trinity Pointard
00a205a882 Update debian installation doc
fix #305
Update debian installation doc
Remove need for libpq when compiling with sqlite backend
Remove some unneaded features of multipart to speed up compilation
2018-11-21 10:09:23 +01:00
Baptiste Gelez
6b2d9d4221
Tests infrastructure for plume-models (#302)
First step for testing `plume-models`. I only added one test for the moment, but we should add more in future PRs.
2018-11-01 22:23:38 +01:00
Baptiste Gelez
95326c09e0 Federate article covers 2018-10-31 15:07:40 +01:00
Trinity Pointard
ed5bafbbc4 Update webfinger and reqwest
Update webfinger to 0.3.1
Update reqwest to 0.9
Fix #257
2018-10-11 13:51:45 +02:00
Bat
5fa7a2a742 Remove legacy setup script 2018-10-06 12:31:00 +01:00
Bat
d0d1210e21 Document new command-line tools 2018-10-06 12:19:48 +01:00
Baptiste Gelez
b464671cf0
Merge pull request #226 from igalic/feat/sqlite
Add SQLite as supported database
2018-10-06 12:15:00 +01:00
Trinity Pointard
d3ed2d8af5 Fix regression and update rocket_csrf
Fix account creation, introduced by fceb9ab
Update to latest rocket_csrf
2018-10-02 11:51:12 +02:00
Igor Galić
e5691f7b23
add sqlite as diesel dependency 2018-09-30 14:13:42 +02:00
Trinity Pointard
fceb9ab0cd Update cookie management a bit
Update to latest rocket_csrf
Make user_id a samesite lax cookie (see https://github.com/Plume-org/Plume/issues/233#issuecomment-422660275)
2018-09-30 11:56:12 +02:00
Bat
72fd9eb610 API: Filter posts in the list 2018-09-29 15:45:27 +01:00
Bat
f893056d6d Mount the API endpoints 2018-09-25 20:45:32 +01:00
Bat
1500267125 Add canapi and try to use for the API 2018-09-19 15:49:34 +01:00
Bat
8fa83dfe25 Version bump
0.1.x was the pre-alpha.

The first Alpha will be 0.2.x
2018-09-11 19:53:14 +01:00
Bat
8879935925 Add the possibility to save an article as draft 2018-09-10 19:38:19 +01:00
Bat
2f53cb9122 Update rocket_csrf 2018-09-09 11:06:10 +01:00
Bat
c0d0f98d1f Update rocket_csrf and enable protection again 2018-09-09 10:27:03 +01:00
Bat
995c173146 Downgrade Tera + Temporary disable CSRF protection
Bugs in these crates prevented articles from displaying correctly.
2018-09-08 23:09:59 +01:00
Thomas Letan
0ef4717a7f deps: Update to a more recent rocket and rust toolchain
With this patch, Plume will be use a more up-to-date revision of
Rocket, that works with nightly-2018-07-17. It may have been able to
make it work with a more recent revision, but it turns out rocket has
introduced several breaking changes so I’d rather fix those.

Besides updating rocket_i18n and rocket_csrf to use the same revision
than Plume, this patch deals with the new implementation of the
Uri<'_> type. It silents a class of warnings, to deal with a change in
rustc which affects diesel. This latter change should be reverted as
soon as diesel releases a new version of its crate.
2018-09-08 15:51:55 +02:00
Bat
772bb350ac Update rocket_csrf to support multipart forms 2018-09-03 10:21:33 +01:00
Bat
f44b6fffa3 Media upload 2018-09-02 21:55:42 +01:00
Bat
97c0b533ab Add Atom feeds for blogs and users 2018-09-01 21:08:26 +01:00
Bat
5583029b07 Update the WebFinger crate
Fixes an issue with some Mastodon accounts
2018-07-26 21:35:35 +02:00
Bat
1e5ad2b086 Add a job pool 2018-07-26 17:32:52 +02:00
Trinity Pointard
e9b2a20ad3 Update dependancie to rocket_csrf
fix #117
2018-07-20 17:24:34 +02:00
Baptiste Gelez
6fe70cd723
Merge pull request #111 from Plume-org/form-validation
Form validation
2018-07-08 14:28:47 +02:00
Bat
5f3afe900f Display errors on invalid forms
It will probably need a bit of styling…
2018-07-06 19:29:36 +02:00
Trinity Pointard
ec4b791727 Update dependancy to rocket_csrf
fix #96
2018-06-30 09:38:44 +02:00
Bat
b008e11fb0 Add validator 2018-06-29 14:22:43 +02:00
Baptiste Gelez
ca07950100
Merge pull request #83 from Plume-org/csrf-protection
Csrf protection
2018-06-26 16:30:24 +02:00
Bat
f805ec1d53 Introduce an environment variable to disable HTTPS, and use it when fetching WebFinger resources
You can now use USE_HTTPS=0 when debugging the federation locally.
2018-06-26 16:16:59 +02:00
Trinity Pointard
3b9c53bebc Use proper repository for rocket_csrf 2018-06-24 19:02:47 +02:00
Trinity Pointard
30e9620d0a Add csrf protection 2018-06-24 18:58:57 +02:00
Bat
68c7aad179 Big repository reorganization
The code is divided in three crates:
- plume-common, for the ActivityPub module, and some common utils
- plume-models, for the models and database-related code
- plume, the app itself

This new organization will allow to test it more easily, but also to create other tools that only reuse a little part of
the code (for instance a Wordpress import tool, that would just use the plume-models crate)
2018-06-23 17:36:11 +01:00
Bat
e7e557612e Rewrite User::from_activity to use the activitypub crate instead of raw JSON 2018-06-21 21:30:56 +01:00
Bat
4ea071e709 Switch to pulldown-cmark for markdown parsing + Try to parse mentions
It's not working correctly yet for some reason…
2018-06-20 15:29:19 +01:00
Bat
d00688e526 Admin creation 2018-06-19 16:14:52 +01:00
Bat
54e2cea83b Start a setup script
For now, it checks if the instance is ready, and if it is not starts the actual setup script.

Only the first actual step of the script, checking for native dependencies, is implemented.
2018-06-19 14:08:44 +01:00
Bat
5415b70854 Use the webfinger crate 2018-06-18 22:50:40 +01:00
Bat
36bf2e114c Fix local notifications 2018-06-18 12:32:03 +01:00
Bat
cafb0e2277 Use the rocket_i18n crate 2018-06-17 15:28:44 +01:00
Bat
b18aa33c70 Update to the latest version of Rocket, to use rocket_contrib::Template::custom 2018-06-16 18:39:22 +01:00
Bat
c9b4c40fa1 Add the gettext-rs crate 2018-06-15 14:08:38 +01:00
Bat
7d17751f50 Definitively get rid of the activitystreams crates 2018-06-11 13:30:14 +01:00
Trinity Pointard
7d9609671c change post.content and comment.content's types from String to SafeString 2018-06-11 12:22:43 +02:00
Bat
6ae1f405eb Remove unecessary dependencies 2018-06-10 12:17:31 +01:00
Bat
78362feffb Use the activitypub crate 2018-06-10 12:13:07 +01:00
Bat
93eb89bc77 Markdown!
Fixes #18
2018-05-24 11:42:45 +01:00
Bat
4a86af6fc1 Resolve activitystream TODOs 2018-05-18 23:04:30 +01:00
Bat
c779b1c58a WIP: use the activitystreams crate 2018-05-16 19:20:44 +01:00
Bat
fdc481e384 Use shared inbox when available
But it is not yet stored in the database, so it means never
2018-05-13 15:39:55 +01:00
Bat
3cf6836095 HTTP signature when sending activites 2018-05-04 16:18:00 +01:00
Bat
5f43f783b6 Use more env vars for config
It will make it easier to test federation
2018-05-02 12:53:42 +01:00
Bat
9a4f60cfe3 Accept follow requests 2018-05-01 19:02:29 +01:00
Bat
8047df6848 Display remote profiles! 2018-05-01 12:48:19 +01:00
Bat
59652e8655 Add a function to send activity to an inbox 2018-04-30 19:08:44 +01:00
Bat
e93bb3a21f Add creation timestamps 2018-04-30 18:46:27 +01:00
Bat
5e6be0cf93 WIP: signing 2018-04-29 16:40:10 +01:00
Bat
721456de30 Actually start playing with ActivityPub
And Rust
2018-04-24 15:52:47 +01:00
Bat
7b3a884ec6 Add ActivityPub endpoint for actors 2018-04-23 16:09:05 +01:00
Bat
9130f4d848 Basic blog creation 2018-04-23 11:54:37 +01:00
Bat
a7774444fe User creation 2018-04-22 19:13:12 +01:00
Bat
f060fa08af Initial commit
With instance configuration
2018-04-22 14:35:37 +01:00