mirror of
https://github.com/LemmyNet/lemmy.git
synced 2024-09-27 22:01:57 +00:00
Merge branch 'main' into plugin-system
This commit is contained in:
commit
ea5a5522fb
5 changed files with 591 additions and 428 deletions
933
Cargo.lock
generated
933
Cargo.lock
generated
File diff suppressed because it is too large
Load diff
|
@ -157,10 +157,10 @@ ts-rs = { version = "7.1.1", features = [
|
||||||
"chrono-impl",
|
"chrono-impl",
|
||||||
"no-serde-warnings",
|
"no-serde-warnings",
|
||||||
] }
|
] }
|
||||||
rustls = { version = "0.21.11", features = ["dangerous_configuration"] }
|
rustls = { version = "0.23.5", features = ["ring"] }
|
||||||
futures-util = "0.3.30"
|
futures-util = "0.3.30"
|
||||||
tokio-postgres = "0.7.10"
|
tokio-postgres = "0.7.10"
|
||||||
tokio-postgres-rustls = "0.10.0"
|
tokio-postgres-rustls = "0.12.0"
|
||||||
urlencoding = "2.1.3"
|
urlencoding = "2.1.3"
|
||||||
enum-map = "2.7"
|
enum-map = "2.7"
|
||||||
moka = { version = "0.12.7", features = ["future"] }
|
moka = { version = "0.12.7", features = ["future"] }
|
||||||
|
|
|
@ -25,7 +25,7 @@ full = [
|
||||||
"lemmy_db_views_moderator/full",
|
"lemmy_db_views_moderator/full",
|
||||||
"lemmy_utils/full",
|
"lemmy_utils/full",
|
||||||
"activitypub_federation",
|
"activitypub_federation",
|
||||||
"encoding",
|
"encoding_rs",
|
||||||
"reqwest-middleware",
|
"reqwest-middleware",
|
||||||
"webpage",
|
"webpage",
|
||||||
"ts-rs",
|
"ts-rs",
|
||||||
|
@ -69,7 +69,7 @@ mime = { version = "0.3.17", optional = true }
|
||||||
webpage = { version = "1.6", default-features = false, features = [
|
webpage = { version = "1.6", default-features = false, features = [
|
||||||
"serde",
|
"serde",
|
||||||
], optional = true }
|
], optional = true }
|
||||||
encoding = { version = "0.2.33", optional = true }
|
encoding_rs = { version = "0.8.34", optional = true }
|
||||||
jsonwebtoken = { version = "8.3.0", optional = true }
|
jsonwebtoken = { version = "8.3.0", optional = true }
|
||||||
# necessary for wasmt compilation
|
# necessary for wasmt compilation
|
||||||
getrandom = { version = "0.2.14", features = ["js"] }
|
getrandom = { version = "0.2.14", features = ["js"] }
|
||||||
|
|
|
@ -6,7 +6,7 @@ use crate::{
|
||||||
utils::{local_site_opt_to_sensitive, proxy_image_link, proxy_image_link_opt_apub},
|
utils::{local_site_opt_to_sensitive, proxy_image_link, proxy_image_link_opt_apub},
|
||||||
};
|
};
|
||||||
use activitypub_federation::config::Data;
|
use activitypub_federation::config::Data;
|
||||||
use encoding::{all::encodings, DecoderTrap};
|
use encoding_rs::{Encoding, UTF_8};
|
||||||
use lemmy_db_schema::{
|
use lemmy_db_schema::{
|
||||||
newtypes::DbUrl,
|
newtypes::DbUrl,
|
||||||
source::{
|
source::{
|
||||||
|
@ -160,11 +160,9 @@ fn extract_opengraph_data(html_bytes: &[u8], url: &Url) -> LemmyResult<OpenGraph
|
||||||
// proper encoding. If the specified encoding cannot be found, fall back to the original UTF-8
|
// proper encoding. If the specified encoding cannot be found, fall back to the original UTF-8
|
||||||
// version.
|
// version.
|
||||||
if let Some(charset) = page.meta.get("charset") {
|
if let Some(charset) = page.meta.get("charset") {
|
||||||
if charset.to_lowercase() != "utf-8" {
|
if charset != UTF_8.name() {
|
||||||
if let Some(encoding_ref) = encodings().iter().find(|e| e.name() == charset) {
|
if let Some(encoding) = Encoding::for_label(charset.as_bytes()) {
|
||||||
if let Ok(html_with_encoding) = encoding_ref.decode(html_bytes, DecoderTrap::Replace) {
|
page = HTML::from_string(encoding.decode(html_bytes).0.into(), None)?;
|
||||||
page = HTML::from_string(html_with_encoding, None)?;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -33,13 +33,22 @@ use lemmy_utils::{
|
||||||
use once_cell::sync::Lazy;
|
use once_cell::sync::Lazy;
|
||||||
use regex::Regex;
|
use regex::Regex;
|
||||||
use rustls::{
|
use rustls::{
|
||||||
client::{ServerCertVerified, ServerCertVerifier},
|
client::danger::{
|
||||||
ServerName,
|
DangerousClientConfigBuilder,
|
||||||
|
HandshakeSignatureValid,
|
||||||
|
ServerCertVerified,
|
||||||
|
ServerCertVerifier,
|
||||||
|
},
|
||||||
|
crypto::{self, verify_tls12_signature, verify_tls13_signature},
|
||||||
|
pki_types::{CertificateDer, ServerName, UnixTime},
|
||||||
|
ClientConfig,
|
||||||
|
DigitallySignedStruct,
|
||||||
|
SignatureScheme,
|
||||||
};
|
};
|
||||||
use std::{
|
use std::{
|
||||||
ops::{Deref, DerefMut},
|
ops::{Deref, DerefMut},
|
||||||
sync::Arc,
|
sync::Arc,
|
||||||
time::{Duration, SystemTime},
|
time::Duration,
|
||||||
};
|
};
|
||||||
use tracing::error;
|
use tracing::error;
|
||||||
use url::Url;
|
use url::Url;
|
||||||
|
@ -312,8 +321,9 @@ pub fn diesel_option_overwrite_to_url_create(opt: &Option<String>) -> LemmyResul
|
||||||
|
|
||||||
fn establish_connection(config: &str) -> BoxFuture<ConnectionResult<AsyncPgConnection>> {
|
fn establish_connection(config: &str) -> BoxFuture<ConnectionResult<AsyncPgConnection>> {
|
||||||
let fut = async {
|
let fut = async {
|
||||||
let rustls_config = rustls::ClientConfig::builder()
|
let rustls_config = DangerousClientConfigBuilder {
|
||||||
.with_safe_defaults()
|
cfg: ClientConfig::builder(),
|
||||||
|
}
|
||||||
.with_custom_certificate_verifier(Arc::new(NoCertVerifier {}))
|
.with_custom_certificate_verifier(Arc::new(NoCertVerifier {}))
|
||||||
.with_no_client_auth();
|
.with_no_client_auth();
|
||||||
|
|
||||||
|
@ -338,21 +348,55 @@ fn establish_connection(config: &str) -> BoxFuture<ConnectionResult<AsyncPgConne
|
||||||
fut.boxed()
|
fut.boxed()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[derive(Debug)]
|
||||||
struct NoCertVerifier {}
|
struct NoCertVerifier {}
|
||||||
|
|
||||||
impl ServerCertVerifier for NoCertVerifier {
|
impl ServerCertVerifier for NoCertVerifier {
|
||||||
fn verify_server_cert(
|
fn verify_server_cert(
|
||||||
&self,
|
&self,
|
||||||
_end_entity: &rustls::Certificate,
|
_end_entity: &CertificateDer,
|
||||||
_intermediates: &[rustls::Certificate],
|
_intermediates: &[CertificateDer],
|
||||||
_server_name: &ServerName,
|
_server_name: &ServerName,
|
||||||
_scts: &mut dyn Iterator<Item = &[u8]>,
|
_ocsp: &[u8],
|
||||||
_ocsp_response: &[u8],
|
_now: UnixTime,
|
||||||
_now: SystemTime,
|
|
||||||
) -> Result<ServerCertVerified, rustls::Error> {
|
) -> Result<ServerCertVerified, rustls::Error> {
|
||||||
// Will verify all (even invalid) certs without any checks (sslmode=require)
|
// Will verify all (even invalid) certs without any checks (sslmode=require)
|
||||||
Ok(ServerCertVerified::assertion())
|
Ok(ServerCertVerified::assertion())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
fn verify_tls12_signature(
|
||||||
|
&self,
|
||||||
|
message: &[u8],
|
||||||
|
cert: &CertificateDer,
|
||||||
|
dss: &DigitallySignedStruct,
|
||||||
|
) -> Result<HandshakeSignatureValid, rustls::Error> {
|
||||||
|
verify_tls12_signature(
|
||||||
|
message,
|
||||||
|
cert,
|
||||||
|
dss,
|
||||||
|
&crypto::ring::default_provider().signature_verification_algorithms,
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
fn verify_tls13_signature(
|
||||||
|
&self,
|
||||||
|
message: &[u8],
|
||||||
|
cert: &CertificateDer,
|
||||||
|
dss: &DigitallySignedStruct,
|
||||||
|
) -> Result<HandshakeSignatureValid, rustls::Error> {
|
||||||
|
verify_tls13_signature(
|
||||||
|
message,
|
||||||
|
cert,
|
||||||
|
dss,
|
||||||
|
&crypto::ring::default_provider().signature_verification_algorithms,
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
fn supported_verify_schemes(&self) -> Vec<SignatureScheme> {
|
||||||
|
crypto::ring::default_provider()
|
||||||
|
.signature_verification_algorithms
|
||||||
|
.supported_schemes()
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
pub async fn build_db_pool() -> LemmyResult<ActualDbPool> {
|
pub async fn build_db_pool() -> LemmyResult<ActualDbPool> {
|
||||||
|
|
Loading…
Reference in a new issue