Commit graph

134 commits

Author SHA1 Message Date
Kitaiti Makoto
d6a946f5b9 Validate spoofing for all activities 2020-12-22 16:31:12 +09:00
Kitaiti Makoto
46cdde8687 (cargo-release) start next development iteration {{next_version}} 2020-12-19 07:22:24 +09:00
Kitaiti Makoto
6b0dfb729c (cargo-release) version {{version}} 2020-12-19 07:22:19 +09:00
Kitaiti Makoto
984c0cda6b Add pre-release-hook to release.toml of subcrates to prevent running
one of root crate
2020-12-19 06:57:09 +09:00
Kitaiti Makoto
2eadb80435 Validate attributedTo in the case it is an object 2020-12-11 00:35:20 +09:00
Kitaiti Makoto
5bf1e81f0b Merge branch 'main' into validate-attributed-to 2020-12-09 23:43:29 +09:00
Kitaiti Makoto
50462204e8 Run cargo fmt 2020-12-07 02:04:37 +09:00
KitaitiMakoto
f5b18dffaf cargo release helper (again) (#835)
remove tag-prefix deletion

as discussed here: https://github.com/igalic/Plume/pull/1

Update all versions numbers

Update Crowdin config to v3 + Pull translations with cargo release

Follow a more standard CHANGELOG format

add release.toml configuration file for cargo-release

and also add overrides in all other crates, since we only have one
CHANGELOG.md: https://github.com/sunng87/cargo-release/issues/205
we might wanna have that looked at or fixed

ignore .vscode/

add / backfill Changelog.md

Co-authored-by: Mina Galić <me+git@igalic.co>
Co-authored-by: Ana Gelez <ana@gelez.xyz>
Reviewed-on: https://git.joinplu.me/Plume/Plume/pulls/835
2020-12-06 15:52:27 +00:00
Kitaiti Makoto
5cd8ae9106 Validate spoofing of Create activity 2020-12-03 19:20:10 +09:00
Kitaiti Makoto
350697f89a Run cargo fmt 2020-12-03 19:20:10 +09:00
Kitaiti Makoto
4e6d7b70cf Keep tags as-is 2020-11-22 22:24:43 +09:00
Mina Galić
a107d35492
upgrade rocket* to the latest stable
before we embark on upgrading to async, and all the refactoring that
this will bring on us (see #797 & #799), we should keep our `main`
branch as stable and current as possible.
Let's start by upgrading rocket and its dependencies.
2020-07-17 09:38:55 +02:00
KITAITI Makoto
197f0d7ecd
Add test for hash including ZWSP (#772)
* Add test for hash including ZWSP

* Run cargo fmt
2020-05-17 13:53:31 +02:00
KITAITI Makoto
6a3f210dfc
Keep atmarks and hashes in link (#765)
* [REFACTORING]Use DocumentContext during parsing Markdown

* Add test case for hash in link

* Make DocumentContext derive Debug

* Add in_link field in DocumentContext

* Don't make hash words tags in link

* Add test for atmark in link

* Don't make atmark words in link mentions
2020-05-03 14:50:32 +02:00
KITAITI Makoto
edaccd1a31
Fixes #757 Allow Unicode hashtags (#758)
* Add test for Persian language hashtags

See https://github.com/Plume-org/Plume/issues/757

* Add regex-syntax with unicode-perl feature to dependencies

* Install regex-syntax

* Allow hashtag to use Unicode word characters

* Run cargo fmt
2020-04-29 15:13:31 +02:00
Ana Gelez
5f8d6b8e0e Rust 2018! (#726) 2020-01-21 07:02:03 +01:00
fdb-hiroshima
3663bffe5c Update compiler (#725)
* update compiler to recent nightly

* cargo fmt

* fix clippy

but ructe code is still complaining

* update circleci and rocket_csrf

* fix last clippy problems

* cargo fmt

* fix build issue

was caused be improper handling of recursive template (comment) by old ructe, which is fixed on newer version
2020-01-19 12:52:32 +01:00
Violet White
e6bdeb7c4b Fix #699 (#719) 2020-01-12 13:24:41 +01:00
Violet White
458baf5f78 Syntax highlighting (#691)
* Syntax highlighting mostly... Exists.

* Add dependency to dockerfile

* Handle non-existent languages better

* Make the default a bit nicer

* Improve highlighting. Clean up function

* Add dark theme, add the comment scope to the allowed classes

* update build env

* Address review comments

* Use find_syntax_by_token which produces the desired behavior

* Change flat_map into flatten
(commit cargo.lock)
2019-12-30 14:35:27 +01:00
Ana Gelez
597778fd2f release Alpha 4 (#709)
* Update version numbers

* Update translations again

* Translations?

* This time translations should be here
2019-12-22 15:04:09 +01:00
fdb-hiroshima
fb60236a54
update dependancies (#643)
* Bump activitystreams-derive from 0.1.0 to 0.1.1
* Bump tantivy from 0.9.1 to 0.10.1
* Bump rpassword from 3.0.2 to 4.0.1
* Bump num_cpus from 1.10.0 to 1.10.1
* Bump serde_qs from 0.4.6 to 0.5.0
* Bump stdweb-internal-runtime from 0.1.3 to 0.1.4
* [Security] Bump smallvec from 0.6.9 to 0.6.10
* Bump chrono from 0.4.6 to 0.4.7
* Bump bcrypt from 0.4.0 to 0.5.0
* Bump serde_json from 1.0.39 to 1.0.40
* Bump tokio from 0.1.21 to 0.1.22
* Bump scheduled-thread-pool from 0.2.0 to 0.2.2
* Bump stdweb from 0.4.14 to 0.4.18
* Bump hyper from 0.12.29 to 0.12.33
* Bump reqwest from 0.9.17 to 0.9.19
* Bump url from 1.7.2 to 2.1.0
2019-08-14 15:04:30 +02:00
Baptiste Gelez
7ea4acc289
Use futures and tokio to send activities (#620)
* Use futures and tokio to send activities

* Reset .po files

* Cargo fmt + small enhancements

- better error messages
- removed a TODO

* Log all messages at the same time when federation succeeds
2019-06-27 17:46:05 +01:00
Igor Galić
8c59c822b6 refactor code to use Shrinkwraprs and diesel-derive-newtype (#598)
* add shrinkwraprs and implement Id thru it

This also means we can automatically convert Id to String without using
.into()!

* cleanup with the help of clippy!

* cleanup with the help of cargo fmt!

* remove extra block

* Shrinkwrap Page, ContentLen and RemoteForm

* translations
2019-05-25 19:23:45 +01:00
fdb-hiroshima
5579f64dd0
update dependancies (#574)
[Security] Bump ammonia from 2.0.0 to 2.1.1
Bump bcrypt from 0.2.2 to 0.4.0
Bump clap from 2.32.0 to 2.33.0
Bump colored from 1.7.0 to 1.8.0
Bump ctrlc from 3.1.1 to 3.1.2
Bump diesel from 1.4.1 to 1.4.2
Bump dotenv from 0.13.0 to 0.14.0
Bump hyper from 0.12.25 to 0.12.28
Bump openssl from 0.10.19 to 0.10.22
Bump proc-macro2 from 0.4.27 to 0.4.30
Bump reqwest from 0.9.11 to 0.9.16
Bump rpassword from 2.1.0 to 3.0.2
Bump serde_derive from 1.0.80 to 1.0.82
Bump serde_derive from 1.0.89 to 1.0.91
Bump serde from 1.0.89 to 1.0.91
Bump serde_qs from 0.4.5 to 0.4.6
Bump stdweb from 0.4.14 to 0.4.17
Bump syn from 0.11.11 to 0.15.27
Bump whatlang from 0.7.0 to 0.7.1
2019-05-12 10:41:47 +02:00
fdb-hiroshima
c52aac012c
make hashtags work in profile summary (#562)
* make hashtags work in profile summary

fix #541

* cargo fmt
2019-05-04 17:33:50 +02:00
fdb-hiroshima
33a0c7dcd3
reduce reqwest timeout to 5s (#557) 2019-04-30 23:30:13 +02:00
Baptiste Gelez
3ad1f6968c
Version bump: 0.3.0 (alpha 2) (#529) 2019-04-19 15:49:46 +01:00
Baptiste Gelez
12efe721cc
Big refactoring of the Inbox (#443)
* Big refactoring of the Inbox

We now have a type that routes an activity through the registered handlers
until one of them matches.

Each Actor/Activity/Object combination is represented by an implementation of AsObject

These combinations are then registered on the Inbox type, which will try to deserialize
the incoming activity in the requested types.

Advantages:
- nicer syntax: the final API is clearer and more idiomatic
- more generic: only two traits (`AsActor` and `AsObject`) instead of one for each kind of activity
- it is easier to see which activities we handle and which one we don't

* Small fixes

- Avoid panics
- Don't search for AP ID infinitely
- Code style issues

* Fix tests

* Introduce a new trait: FromId

It should be implemented for any AP object.

It allows to look for an object in database using its AP ID, or to dereference it if it was not present in database

Also moves the inbox code to plume-models to test it (and write a basic test for each activity type we handle)

* Use if let instead of match

* Don't require PlumeRocket::intl for tests

* Return early and remove a forgotten dbg!

* Add more tests to try to understand where the issues come from

* Also add a test for comment federation

* Don't check creation_date is the same for blogs

* Make user and blog federation more tolerant to errors/missing fields

* Make clippy happy

* Use the correct Accept header when dereferencing

* Fix follow approval with Mastodon

* Add spaces to characters that should not be in usernames

And validate blog names too

* Smarter dereferencing: only do it once for each actor/object

* Forgot some files

* Cargo fmt

* Delete plume_test

* Delete plume_tests

* Update get_id docs + Remove useless : Sized

* Appease cargo fmt

* Remove dbg! + Use as_ref instead of clone when possible + Use and_then instead of map when possible

* Remove .po~

* send unfollow to local instance

* read cover from update activity

* Make sure "cc" and "to" are never empty

and fix a typo in a constant name

* Cargo fmt
2019-04-17 18:31:47 +01:00
fdb-hiroshima
12c2078c89
Hide cw pictures behind a summary/details (#483)
* Hide cw pictures behind a summary/details
* refactor md_to_html a bit and add cw support
* use random id for cw checkbox
2019-04-06 19:20:33 +02:00
fdb-hiroshima
26fc2cde5d
use circleci instead of travis (#511)
Upgrade rust-toolchain
Upgrade Tantivy
Warning: tantivy now use a different file format, search index may need to be deleted and recreated to work as intended
try to run compile twice in a row because sometime oomk is evil
2019-04-01 20:28:23 +02:00
Baptiste Gelez
21cb0ef437 Always use GMT as a timezone for federation (#502)
To prevent a bug with Mastodon
2019-03-25 14:13:54 +01:00
Baptiste Gelez
bdfad844d7
Edit blogs, and add blog icons and banners (#460)
Also adds a parameter to `md_to_html` to only render inline elements (so that we don't have titles or images in blog descriptions). And moves the delete button for the blog on the edition page.

I still have to update the SQLite migration once others PRs with migrations will be merged.

Also, there will be a problem when you edit a blog while not owning its banner or icon: when validating they will be reset to their default values… I don't see a good solution to this until we have a better way to handle uploads with Rocket (the same is probably happening for articles btw).

And the icon/banner are not federated yet, I don't know if I should add it to this PR or if it can come after?

![image](https://user-images.githubusercontent.com/16254623/53894510-7d853300-4030-11e9-8a2c-f5c0b0c7f512.png)
![image](https://user-images.githubusercontent.com/16254623/53894539-8b3ab880-4030-11e9-8113-685a27be8d7c.png)

Fixes #453
Fixes #454
2019-03-22 19:51:36 +01:00
Atul Bhosale
b945d1f602 Run 'cargo fmt' to format code (#489) 2019-03-20 17:56:17 +01:00
Baptiste Gelez
42dca3daae
Remove some unused #[derive] (#473)
We used to need them, probably when we were using Tera.
2019-03-12 19:40:54 +01:00
fdb-hiroshima
944a9d08a7
Update dependencies (#428)
* Bump serde from 1.0.82 to 1.0.84
* Bump ructe from 0.5.4 to 0.5.6
* Bump colored from 1.6.1 to 1.7.0
* Bump itertools from 0.7.11 to 0.8.0
* Bump ammonia from 1.2.0 to 2.0.0
* Bump hyper from 0.12.19 to 0.12.20
* Bump serde_derive from 1.0.80 to 1.0.84
* Bump stdweb from 0.4.12 to 0.4.13
* Bump rsass from 0.9.4 to 0.9.6
* Bump failure from 0.1.3 to 0.1.5
* Bump reqwest from 0.9.5 to 0.9.8
* Bump serde_derive from 0.7.1 to 0.8.0
2019-01-18 19:22:36 +01:00
fdb-hiroshima
c502ae73f6
Encode redirect messages into valid url data (#409)
Ref #408
2019-01-05 19:36:55 +01:00
Baptiste Gelez
80a4dae8bd
Avoid panics (#392)
- Use `Result` as much as possible
- Display errors instead of panicking

TODO (maybe in another PR? this one is already quite big):
- Find a way to merge Ructe/ErrorPage types, so that we can have routes returning `Result<X, ErrorPage>` instead of panicking when we have an `Error`
- Display more details about the error, to make it easier to debug

(sorry, this isn't going to be fun to review, the diff is huge, but it is always the same changes)
2018-12-29 09:36:07 +01:00
Baptiste Gelez
8ff6332784
I'm not the only one who made Plume è_é (#373) 2018-12-23 17:29:08 +01:00
fdb-hiroshima
0ea1d57e48
Fix some federation issues (#357)
* Fix some follow issues

Fix not receiving notifications when followed by remote users
Fix imposibility to be unfollowed by Mastodon/Pleroma users (tested only against Pleroma)

* Fix notification on every post

* Fix issues with federation

Send Link instead of Object when emiting Follow request
Receive both Link and Object for Follow request
Don't panic when fetching user with no followers or posts from Pleroma
Reorder follower routes so Activity Pub one is reachable

* Generate absolute urls for mentions and tags

* Verify author when undoing activity by Link
2018-12-23 11:12:15 +01:00
fdb-hiroshima
ab2998e214
Make Plume compile on release (#365)
* Remove use of String for body parameters

Create SignedJson and implement FromData for it

* Make Travis test on release

* Remove warning when installing and fix coverage
2018-12-22 18:27:21 +01:00
Trinity Pointard
2870642cfa Fix mentions containing underscores
Fix #338
2018-12-12 10:50:55 +01:00
Baptiste Gelez
b73fbd3768
License federation (#343)
* Federate license

* Make it possible to use no license
2018-12-09 18:43:34 +01:00
fdb-hiroshima
e1ecc7289f
Upgrade plume dependencies (#332)
* Bump base64 from 0.9.3 to 0.10.0
* Bump bcrypt from 0.2.0 to 0.2.1
* Bump canapi from 0.1.0 to 0.2.0
* Bump failure from 0.1.2 to 0.1.3
* Bump hyper from 0.11.27 to 0.12.11
* Bump hyper from 0.11.27 to 0.12.16
* Bump lazy_static from 1.1.0 to 1.2.0
* Bump multipart from 0.15.3 to 0.15.4
* Bump openssl from 0.10.12 to 0.10.15
* Bump pulldown-cmark from 0.1.2 to 0.2.0
* Bump reqwest from 0.9.2 to 0.9.5
* Bump rocket from 0.4.0-rc.1 to 0.4.0
* Bump rpassword from 2.0.0 to 2.1.0
* Bump ructe from 0.5.2 to 0.5.4
* Bump serde_derive from 1.0.79 to 1.0.80
* Bump serde from 1.0.79 to 1.0.80
* Bump serde_json from 1.0.32 to 1.0.33
* Bump tera from 0.11.17 to 0.11.20
* Bump url from 1.7.1 to 1.7.2
* Bump validator to from 0.7.2 to 0.8.0
* Bump validator_derive from 0.7.2 to 0.8.0
* Bump whatlang from 0.5.0 to 0.6.0
* Remove hyper from plume-common dependencies
* Remove rpassword from Plume dependancies
* Upgrade compiler to nightly-2018-12-06
2018-12-07 21:00:12 +01:00
Baptiste Gelez
70af57c6e1
Use Ructe (#327)
All the template are now compiled at compile-time with the `ructe` crate.

I preferred to use it instead of askama because it allows more complex Rust expressions, where askama only supports a small subset of expressions and doesn't allow them everywhere (for instance, `{{ macro!() | filter }}` would result in a parsing error).

The diff is quite huge, but there is normally no changes in functionality.

Fixes #161 and unblocks #110 and #273
2018-12-06 18:54:16 +01:00
Trinity Pointard
5f059c3e98 Fix issues with tags and mentions
Fix issue where leading @ or # of a mention/hashtag get duplicated
Fix issue where normal tags were being overwritten by hashtags
2018-12-06 15:10:07 +01:00
Trinity Pointard
39deede935 Verify signature date
Fix #286
Remove indexed from post_id search field as it was added by mistake
2018-12-04 00:08:55 +01:00
fdb-hiroshima
74c398d60c
Run cargo clippy on whole project (#322)
* Run cargo clippy on plume-common

Run clippy on plume-common and adjuste code accordingly

* Run cargo clippy on plume-model

Run clippy on plume-model and adjuste code accordingly

* Reduce need for allocation in plume-common

* Reduce need for allocation in plume-model

add a quick compilation failure if no database backend is enabled

* Run cargo clippy on plume-cli

* Run cargo clippy on plume
2018-11-26 10:21:52 +01:00
fdb-hiroshima
8a4702df92 Add unit tests for main model parts (#310)
Add tests for following models:
- Blog
- Instance
- Media
- User
2018-11-24 12:44:17 +01:00
KokaKiwi
100f6307a7 Set Content-Type for ActivityPub request to correct value. (#315) 2018-11-23 13:18:33 +01:00
Baptiste Gelez
6b2d9d4221
Tests infrastructure for plume-models (#302)
First step for testing `plume-models`. I only added one test for the moment, but we should add more in future PRs.
2018-11-01 22:23:38 +01:00
Baptiste Gelez
2394ff424b Add an ApiToken model, and an endpoint to get one 2018-10-30 18:13:49 +01:00
Trinity Pointard
1689813df4 Deduplicate tags and mentions
Use set to work on tags and mentions, allowing deduplication of them,
and clearer code
May also help with distinguishing tags and hashtags latter
2018-10-29 20:54:27 +01:00
Baptiste Gelez
fcf911fac9 ActivityPub: don't delete anything if the actor is not authorized 2018-10-22 16:29:25 +01:00
Trinity Pointard
95ea248518 Add support for hashtag on user interface
Add migration to fix typo
Add support for linking hashtags with posts
Rework tag search page so it says a nicer message than page not found
when no post use that tag
Add new string to translation
2018-10-20 19:27:49 +02:00
Trinity Pointard
4fa3a0f6ee Add support for hashtags in md parser 2018-10-20 16:38:16 +02:00
Trinity Pointard
4e6f3209d5 Normalize panic message
Change all unwrap to expect
Normalize expect's messages
Don't panic where it could be avoided easily
2018-10-20 08:44:33 +02:00
Trinity Pointard
ed5bafbbc4 Update webfinger and reqwest
Update webfinger to 0.3.1
Update reqwest to 0.9
Fix #257
2018-10-11 13:51:45 +02:00
Baptiste Gelez
8fdb55a501
Merge pull request #256 from Plume-org/verify-signature
Verify activity's signature
2018-10-10 21:31:11 +01:00
Bat
915b9bb0e5 Use env!("CARGO_PKG_VERSION") instead of hardcoding version when possible
See https://doc.rust-lang.org/cargo/reference/environment-variables.html#environment-variables-cargo-sets-for-crates
2018-10-06 18:55:30 +01:00
Trinity Pointard
0d6a2af851 Code style improvement 2018-10-06 10:57:37 +02:00
Trinity Pointard
3466e55548 Implement JSON-ld signature verification
Implement JSON-ld signature verification
Move signature verification functions to the proper file
2018-10-06 10:06:06 +02:00
Trinity Pointard
62c94ed463 Refactor and verify http signature on personnal inbox
Verify signature on personnal inbox
Reduce code duplication
Put Headers in plume-models
2018-10-03 20:48:25 +02:00
Trinity Pointard
0a5d435249 Verify http signatures 2018-10-03 09:31:38 +02:00
Trinity Pointard
d610ed1641 Add verify() to the Signer trait
And implement it for Blog and User
2018-09-30 12:08:04 +02:00
Trinity Pointard
eafe1ed490 Add content digest to signed http headers
Sign the Digest HTTP header
2018-09-30 12:08:04 +02:00
Bat
8fa83dfe25 Version bump
0.1.x was the pre-alpha.

The first Alpha will be 0.2.x
2018-09-11 19:53:14 +01:00
Bat
08cb337df6 Broadcast activities to all known instances
We consider everything posted with Plume public (for the moment at least)
2018-09-09 12:19:11 +01:00
Thomas Letan
0ef4717a7f deps: Update to a more recent rocket and rust toolchain
With this patch, Plume will be use a more up-to-date revision of
Rocket, that works with nightly-2018-07-17. It may have been able to
make it work with a more recent revision, but it turns out rocket has
introduced several breaking changes so I’d rather fix those.

Besides updating rocket_i18n and rocket_csrf to use the same revision
than Plume, this patch deals with the new implementation of the
Uri<'_> type. It silents a class of warnings, to deal with a change in
rustc which affects diesel. This latter change should be reverted as
soon as diesel releases a new version of its crate.
2018-09-08 15:51:55 +02:00
Bat
7152d714ae Add a source property to posts
To store the Markdown
2018-09-06 20:00:55 +01:00
Bat
a54d2e9d71 Federate tags 2018-09-06 09:21:08 +01:00
Bat
97c0b533ab Add Atom feeds for blogs and users 2018-09-01 21:08:26 +01:00
Bat
cea548b821 Add a way to delete articles
Fixes #116
2018-09-01 16:28:47 +01:00
Bat
5583029b07 Update the WebFinger crate
Fixes an issue with some Mastodon accounts
2018-07-26 21:35:35 +02:00
Bat
6b58dcfda5 Fix a bug in mentions
Fixes #98
2018-07-18 19:00:49 +02:00
Bat
16124e890e Add some test for mentions 2018-07-18 18:35:50 +02:00
Bat
2b04b39f5d Correctly parse HTTP Accept headers 2018-07-18 16:58:28 +02:00
Bat
3d436c10b1 Accept more content types when making AP requests 2018-07-18 16:25:02 +02:00
Bat
389ad28d14 Don't broadcast activities to local users
Fix #80
2018-07-18 15:49:13 +02:00
Bat
b95e384ed7 Use the ApRequest guard for routes that need it + Fix a few issues with its impl
Also fixes some Rocket warnings!
2018-07-11 17:30:01 +02:00
Bat
8e47219d82 Add a ApRequest request guard to accept multiple ActivityPub header on one route 2018-07-09 17:24:53 +02:00
Bat
cb0b8297fa Fix a typo in the signature module
Thanks fdb-hiroshima for noticing it
2018-06-27 21:45:36 +02:00
Bat
507d3e6183 Use USE_HTTPS to compute AP URLs
Instead of relying on cfg(debug_assertions)
2018-06-26 16:21:58 +02:00
Bat
3bc90e71d4 Clean Cargo.toml files 2018-06-23 17:39:58 +01:00
Bat
68c7aad179 Big repository reorganization
The code is divided in three crates:
- plume-common, for the ActivityPub module, and some common utils
- plume-models, for the models and database-related code
- plume, the app itself

This new organization will allow to test it more easily, but also to create other tools that only reuse a little part of
the code (for instance a Wordpress import tool, that would just use the plume-models crate)
2018-06-23 17:36:11 +01:00