Commit graph

1561 commits

Author SHA1 Message Date
tobi 9d80f7fd68
[feature] Allow "charset=utf8" in incoming AP POST requests (#2564)
* [feature] Allow "charset=utf8" in incoming AP POST requests

* changed my mind

* document POSTing to a GtS inbox

* correct link
2024-01-22 14:33:01 +00:00
tobi 60d7060895
[docs] use latest cavage link for http signatures (#2565) 2024-01-22 15:29:01 +01:00
mirabilos 7c67021017
[docs] Add a few things to the FAQ. (#2557) 2024-01-22 13:37:34 +01:00
dependabot[bot] 605b2fde91
[chore]: Bump github.com/abema/go-mp4 from 1.1.1 to 1.2.0 (#2559) 2024-01-22 09:42:41 +00:00
dependabot[bot] a858831387
[chore]: Bump github.com/KimMachineGun/automemlimit from 0.4.0 to 0.5.0 (#2560) 2024-01-22 09:35:23 +00:00
tobi 4e0488acfe
[bugfix] fix array type for also_known_as_uris (#2553) 2024-01-21 16:34:38 +01:00
tobi bc51ec7d1b
[bugfix/frontend] Break word on profile field names and values (#2551) 2024-01-21 12:21:37 +01:00
Daenney 7f6b37ea4d
[docs] Updates for DB, swap and HTTP/2 on nginx (#2547)
* [docs] Add warning about DBs on network storage

* [docs] Mention tuning swappiness on Linux

* [docs] Mention enabling HTTP/2 on nginx
2024-01-21 11:35:52 +01:00
Daenney 74380ae8a1
[chore] Downgrade OTEL libraries to 1.20 (#2546)
For some reason httpconv seems to have disappeared from 1.21, which
results in a 1.21 runtime with 1.20 semconv/httpconv which seems to
break some things.

For now, this rolls the OTEL dependencies back to 1.20 which should fix
the observability issues. We'll need to take a look at how to upgrade
safely and correctly in the future.

Relates to #2503.
2024-01-21 11:34:12 +01:00
tobi b2cacd6b01
[bugfix] Prevent URL + URI for same account being used as alias target (#2545)
* [bugfix] Ensure URL and URI for same account can't both be provided as alias

* test whoopsie from previous PR
2024-01-20 12:45:43 +01:00
tobi 33dbd3ab7a
[bugfix] Ensure domain block side effects skipped if allow in place (blocklist mode) (#2542) 2024-01-19 13:13:24 +00:00
tobi 5ca86b1c57
[chore] Harden up boolptr logic on Accounts, warn if not set (#2544) 2024-01-19 13:02:04 +00:00
kim 7ec1e1332e
[performance] overhaul struct (+ result) caching library for simplicity, performance and multiple-result lookups (#2535)
* rewrite cache library as codeberg.org/gruf/go-structr, implement in gotosocial

* use actual go-structr release version (not just commit hash)

* revert go toolchain changes (damn you go for auto changing this)

* fix go mod woes

* ensure %w is used in calls to errs.Appendf()

* fix error checking

* fix possible panic

* remove unnecessary start/stop functions, move to main Cache{} struct, add note regarding which caches require start/stop

* fix copy-paste artifact... 😇

* fix all comment copy-paste artifacts

* remove dropID() function, now we can just use slices.DeleteFunc()

* use util.Deduplicate() instead of collate(), move collate to util

* move orderByIDs() to util package and "generify"

* add a util.DeleteIf() function, use this to delete entries on failed population

* use slices.DeleteFunc() instead of util.DeleteIf() (i had the logic mixed up in my head somehow lol)

* add note about how collate differs from deduplicate
2024-01-19 12:57:29 +00:00
kim 67e11a1a61
[chore] chore rationalise http return codes for activitypub handlers (#2540)
* some small code fixups and changes

* add check in ResolveIncomingActivity for transient activity types (i.e. activity ID is nil)

* update test to handle new transient behaviour
2024-01-18 17:11:13 +01:00
kim 906639ad7e
[chore] update viper version (#2539)
* update viper version

* removes our last uses of the slice package

* fix tests
2024-01-17 14:54:30 +00:00
tobi c5eced5fd1
[bugfix] Better Postgres search case insensitivity (#2526)
* [bugfix] Better Postgres search case insensitivity

* use ilike for postgres
2024-01-16 18:50:17 +01:00
tobi 486585890d
[feature] Move + alias account via settings panel (#2519)
* [feature] Move + alias account via settings panel

* lint

* type a bit more diligently
2024-01-16 18:28:56 +01:00
tobi c36f9ac37b
[feature] Account alias / move API + db models (#2518)
* [feature] Account alias / move API + db models

* go fmt

* fix little cherry-pick issues

* update error checking, formatting

* add and use new util functions to simplify alias logic
2024-01-16 16:22:44 +00:00
tobi ebf550b7c1
[chore] Move to codeberg's exif-terminator (#2536) 2024-01-15 20:54:32 +00:00
tobi 07aee57af2
[bugfix] Replace named unique constraint on header filter header with generic unique directive (#2525)
* [bugfix] Replace named unique constraint on header filter header with generic unique directive

* add migration retry

* the old fixie uppie

* fix constraint name

* my goodness
2024-01-15 15:39:10 +00:00
tobi 02668756a7
[docs] Update roadmap for 2024 onwards (#2521) 2024-01-15 14:17:17 +00:00
dependabot[bot] d6eb7caae7
[chore]: Bump golang.org/x/oauth2 from 0.15.0 to 0.16.0 (#2531) 2024-01-15 13:31:30 +00:00
tobi 6433a50582
[chore] update bun + extras v1.1.16 -> v1.1.17 (#2534) 2024-01-15 14:08:07 +01:00
dependabot[bot] a43ce99da9
[chore]: Bump github.com/tdewolff/minify/v2 from 2.20.12 to 2.20.14 (#2530)
Bumps [github.com/tdewolff/minify/v2](https://github.com/tdewolff/minify) from 2.20.12 to 2.20.14.
- [Release notes](https://github.com/tdewolff/minify/releases)
- [Commits](https://github.com/tdewolff/minify/compare/v2.20.12...v2.20.14)

---
updated-dependencies:
- dependency-name: github.com/tdewolff/minify/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-15 14:02:40 +01:00
dependabot[bot] 637a57f2de
[chore]: Bump github.com/jackc/pgx/v5 from 5.5.1 to 5.5.2 (#2532)
Bumps [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) from 5.5.1 to 5.5.2.
- [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jackc/pgx/compare/v5.5.1...v5.5.2)

---
updated-dependencies:
- dependency-name: github.com/jackc/pgx/v5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-15 14:02:02 +01:00
dependabot[bot] b70ec68499
[chore]: Bump golang.org/x/net from 0.19.0 to 0.20.0 (#2533)
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.19.0 to 0.20.0.
- [Commits](https://github.com/golang/net/compare/v0.19.0...v0.20.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-15 14:01:35 +01:00
tobi 9607b482cc
[chore/docs] Replace specific year range of copyright notice (#2520) 2024-01-13 16:33:53 +01:00
kim dfc7656579
[bugfix] fix higher-level explicit domain rules causing issues with lower-level domain blocking (#2513)
* fix the sort direction of domain cache child nodes ...

* add more domain cache test cases

* add specific test for this bug to database domain test suite (thanks for writing this @tsmethurst!)

* remove unused field (this was a previous attempt at a fix)

* remove debugging println statements 😇
2024-01-09 13:12:43 +00:00
dependabot[bot] 87bb596a02
Bump follow-redirects from 1.15.3 to 1.15.4 in /web/source (#2512)
Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.15.3 to 1.15.4.
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](https://github.com/follow-redirects/follow-redirects/compare/v1.15.3...v1.15.4)

---
updated-dependencies:
- dependency-name: follow-redirects
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-09 10:32:39 +00:00
dependabot[bot] d9127f5630
[chore]: Bump github.com/prometheus/client_golang from 1.17.0 to 1.18.0 (#2507)
Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.17.0 to 1.18.0.
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prometheus/client_golang/compare/v1.17.0...v1.18.0)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-09 10:30:01 +00:00
kim 10660e566d
[bugfix] misc dereferencer fixes (#2475)
* only perform status-up-to-date checks if no statusable has been provided

* copy over the same style of freshness checking from status deref -> accounts

* change some var names

* check for empty account domain
2024-01-09 10:42:39 +01:00
tobi 7cce1a7cc6
[bugfix] Outdent placeholder from <aside> when returning unknown media attachments (#2485)
* [bugfix] Outdent placeholder from `<aside>`

* visually separate placeholder note from body

* fix test
2024-01-09 10:41:32 +01:00
tobi aad3384c98
[feature] Log pubKeyID for http-signed requests (#2501) 2024-01-09 10:41:15 +01:00
dependabot[bot] 022bfda52a
[chore]: Bump golang.org/x/image from 0.14.0 to 0.15.0 (#2506)
Bumps [golang.org/x/image](https://github.com/golang/image) from 0.14.0 to 0.15.0.
- [Commits](https://github.com/golang/image/compare/v0.14.0...v0.15.0)

---
updated-dependencies:
- dependency-name: golang.org/x/image
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-09 10:40:59 +01:00
dependabot[bot] f0c3533862
[chore]: Bump github.com/tdewolff/minify/v2 from 2.20.9 to 2.20.12 (#2509)
Bumps [github.com/tdewolff/minify/v2](https://github.com/tdewolff/minify) from 2.20.9 to 2.20.12.
- [Release notes](https://github.com/tdewolff/minify/releases)
- [Commits](https://github.com/tdewolff/minify/compare/v2.20.9...v2.20.12)

---
updated-dependencies:
- dependency-name: github.com/tdewolff/minify/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-09 10:40:38 +01:00
tobi 72d0f46b0b
[feature] Allow webp emoji uploads / derefs (#2484) 2024-01-05 13:39:53 +01:00
tobi d5e3996a18
[feature] Parse instance descriptors as markdown, show T&C on /about (#2481)
* [feature] Parse instance descriptors as markdown, show T&C on /about

* lint

* remove unnecessary nullzero tags
2024-01-05 13:39:31 +01:00
kim 511ad97fe7
[bugfix] fix check for closed poll to account for non-zero closed time but in the future (#2486) 2024-01-03 18:42:58 +01:00
dependabot[bot] 0cb1dd493c
[chore]: Bump github.com/minio/minio-go/v7 from 7.0.65 to 7.0.66 (#2467)
Bumps [github.com/minio/minio-go/v7](https://github.com/minio/minio-go) from 7.0.65 to 7.0.66.
- [Release notes](https://github.com/minio/minio-go/releases)
- [Commits](https://github.com/minio/minio-go/compare/v7.0.65...v7.0.66)

---
updated-dependencies:
- dependency-name: github.com/minio/minio-go/v7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: kim <89579420+NyaaaWhatsUpDoc@users.noreply.github.com>
2024-01-03 10:34:54 +00:00
kim 31481fad35
[bugfix] increases sleep time before check in throttle test, to give more leeway (#2482) 2024-01-03 10:27:55 +00:00
Daenney a15415b1a2
[docs] Describe how to block IPs using a firewall (#2459)
* [docs] Describe how to block IPs using a firewall

This adds some documentation on how to block one, multiple or whole IP
ranges using the firewall. This can be helpful to protect from DDoS
attacks or block certain parties from being able to communicate with
your instance at all.

* [docs] Fix indenting of nft rule

* [docs] Split iptables and nftables into sections
2024-01-03 10:14:38 +00:00
dependabot[bot] 3ab6214449
[chore]: Bump github.com/jackc/pgx/v5 from 5.5.0 to 5.5.1 (#2468)
Bumps [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) from 5.5.0 to 5.5.1.
- [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jackc/pgx/compare/v5.5.0...v5.5.1)

---
updated-dependencies:
- dependency-name: github.com/jackc/pgx/v5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-03 10:03:16 +00:00
dependabot[bot] d685e86432
[chore]: Bump github.com/google/uuid from 1.4.0 to 1.5.0 (#2469)
Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.4.0 to 1.5.0.
- [Release notes](https://github.com/google/uuid/releases)
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/uuid/compare/v1.4.0...v1.5.0)

---
updated-dependencies:
- dependency-name: github.com/google/uuid
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-03 10:03:06 +00:00
dependabot[bot] 0e56867d8b
[chore]: Bump golang.org/x/crypto from 0.16.0 to 0.17.0 (#2478)
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.16.0 to 0.17.0.
- [Commits](https://github.com/golang/crypto/compare/v0.16.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-03 10:02:49 +00:00
dependabot[bot] ed1a656be9
[chore]: Bump modernc.org/sqlite from 1.27.0 to 1.28.0 (#2470)
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.27.0 to 1.28.0.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.27.0...v1.28.0)

---
updated-dependencies:
- dependency-name: modernc.org/sqlite
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-03 10:01:54 +00:00
tobi 0ff52b71f2
[chore] Refactor HTML templates and CSS (#2480)
* [chore] Refactor HTML templates and CSS

* eslint

* ignore "Local"

* rss tests

* fiddle with OG just a tiny bit

* dick around with polls a bit more so SR stops saying "clickable"

* remove break

* oh lord

* don't lazy load avatar

* fix ogmeta tests

* clean up some cruft

* catch remaining calls to c.HTML

* fix error rendering + stack overflow in tag

* allow templating attributes

* fix indent

* set aria-hidden on status complementary content, since it's already present in the label anyway

* tidy up templating calls a little

* try to make styling a bit more consistent + readable

* fix up some remaining CSS issues

* fix up reports
2023-12-27 11:23:52 +01:00
kim 97a1fd9a29
[bugfix] 😇 (#2476) 2023-12-18 16:40:29 +00:00
kim 8ebb7775a3
[feature] request blocking by http headers (#2409) 2023-12-18 14:18:25 +00:00
Sam Lade 07bd848028
fix poll total vote double count (#2464) 2023-12-16 19:12:25 +00:00
Sam Lade 285d55dda8
[feature] Push status edit messages into open streams (#2418)
* push status edit messages into open streams

* fix a few comments

* test++

* commented out code? moi?
2023-12-16 12:55:49 +01:00