Commit graph

769 commits

Author SHA1 Message Date
Dessalines
3e5d5abd53 Version v0.7.42 2020-08-06 17:37:08 -04:00
Felix Ableitner
313f315896 Various adjustments after review 2020-08-06 21:44:47 +02:00
Felix Ableitner
cc2c7db9fe Add security checks and slur checks for activitypub inbox 2020-08-06 15:01:42 +02:00
Dessalines
e645386842 Version v0.7.41 2020-08-05 13:55:14 -04:00
Dessalines
048271f59b Remove allowed thumbnail sizes for now. 2020-08-05 13:53:59 -04:00
Dessalines
88bd368660 Version v0.7.40 2020-08-05 12:41:40 -04:00
Dessalines
464ea862b1
Preferred usernames, banners and icons. (#1055)
* Re-organizing federation tests. #746 #1040

* Adding federation support for user bios. Fixes #992

* Adding icons, banners, and preferred usernames.

- Added optional community icons, and community banners.
- Added user banners.
- Added Site icon and banner, with custom favicon.
- Set up preferred usernames. Fixes #1017
- Added an additional post sort: Active
  - Hot rank now uses the published time.
  - Active uses the most recent comment time, and is default.
- DB Migration was required to add all these fields to the views.
- Added transfercommunity helper function.
- Removed title column from communities page.
- Abstracted an image-upload-form.tsx, and a banner-icon-header.tsx
- Fixes #899

* Some navbar fixes.

* Fixing css

* Some fixes.

- Showing correct user icon and banner after save without page reload.
- Abstracting diesel update overwrite.
- Adding some docs.

* Adding @ when a user doesn't have a preferred username.
2020-08-05 12:03:46 -04:00
nutomic
c34fffc2c4 Proxy pictrs requests through Lemmy (fixes #371) (#77)
fix check_only value for image rate limit

Fix image rate limit

Add rate limit for image uploads

Proxy pictrs requests through Lemmy (fixes #371)

Co-authored-by: Felix Ableitner <me@nutomic.com>
Reviewed-on: https://yerbamate.dev/LemmyNet/lemmy/pulls/77
2020-08-05 16:00:00 +00:00
Felix Ableitner
81d4922740 Instance shouldnt send Announce activities to itself 2020-08-05 17:41:35 +02:00
Felix Ableitner
233aa34d54 Verify ID of received apub objects against domain allowlist etc 2020-08-05 14:18:08 +02:00
Dessalines
e9e1497830
Add bio federation. (#1052)
* Re-organizing federation tests. #746 #1040

* Adding federation support for user bios. Fixes #992
2020-08-04 11:06:27 -04:00
Dessalines
e336e5bcc0
Re-organizing federation tests. #746 #1040 (#1047)
* Re-organizing federation tests. #746 #1040

* Add more checks in inbox, plus some refactoring (#76)

Merge branch 'main' into more-inbox-permissions

Move check_community_ban() into helper function

Move slur check into helper functions

Move Claims::decode and site ban check into helper function

Note: this changes behaviour in that site ban is checked in more
places now. we could easily add a boolean parameter
check_for_site_ban to get the previous behaviour back

Rewrite user_inbox and community_inbox in the same way as shared_inbox

Add check against instance allowlist etc in shared_inbox

Co-authored-by: dessalines <dessalines@noreply.yerbamate.dev>
Co-authored-by: Felix Ableitner <me@nutomic.com>
Reviewed-on: https://yerbamate.dev/LemmyNet/lemmy/pulls/76

* Adding verbose to test results.

Co-authored-by: nutomic <nutomic@noreply.yerbamate.dev>
Co-authored-by: dessalines <dessalines@noreply.yerbamate.dev>
Co-authored-by: Felix Ableitner <me@nutomic.com>
2020-08-04 10:57:37 -04:00
Dessalines
97d2584a3b
Update deps (#1049) 2020-08-03 10:38:36 +00:00
Dessalines
ce874e183b Version v0.7.39 2020-08-02 10:52:42 -04:00
Dessalines
5b23595710 Version v0.7.38 2020-08-01 23:53:32 -04:00
Dessalines
dee5c302a8 Version v0.7.37 2020-08-01 20:04:14 -04:00
Dessalines
1a0f70450c Version v0.7.36 2020-08-01 19:17:53 -04:00
Felix Ableitner
e4d5614f3f Merge remote-tracking branch 'github/main' into main 2020-08-01 17:42:33 +02:00
andor0
b6411aba7a
Migrate from failure to anyhow and thiserror (#1042)
* Migrate from failure to anyhow and thiserror

* Replace 'format_err!' to 'anyhow!'
2020-08-01 14:04:42 +00:00
Felix Ableitner
9a004c4535 Update activitystreams to 0.7.0-alpha.3 (from crates.io) 2020-08-01 15:25:17 +02:00
Azriel Lector
1acb51105a
Add user bios (#1043)
* Add user bios

* Version v0.7.35

* Add domain name change instructions to docs. (#1044)

* Add domain name change instructions to docs.

* Changing docker execs to docker-compose execs

* Set maxLength to user bio and render as md

* Fix bio updating after SaveUserSetting

Co-authored-by: Dessalines <tyhou13@gmx.com>
Co-authored-by: Dessalines <dessalines@users.noreply.github.com>
2020-07-30 21:08:13 -04:00
Dessalines
dc4ac6345c Version v0.7.35 2020-07-29 22:36:27 -04:00
Dessalines
f0ce7b0e0f Merge remote-tracking branch 'yerba/main' into main 2020-07-29 22:35:50 -04:00
Dessalines
25e61b276a Version v0.7.34 2020-07-29 22:30:38 -04:00
Felix Ableitner
678e1fa927 Add community outbox (ref #1018) 2020-07-29 22:49:52 +02:00
Felix Ableitner
705e74f4b9 Federate sticky flag (ref #1018) 2020-07-29 19:15:30 +02:00
Felix Ableitner
cee72065e9 Merge branch 'main' into inbox-refactoring 2020-07-29 15:41:05 +02:00
Dessalines
04cb1e0161 Version v0.7.33 2020-07-29 09:06:26 -04:00
Dessalines
49bd28e2d4
Adding visual captchas for register and login. (#1027)
* Adding visual captchas for register and login.

* Adding audio wav file for Captcha using espeak.

* Lots of captcha fixes.

- Removed login captchas.
- Added settings to disable captchas, and change difficulty.
- Captchas can only be checked / used once, front end gives a new one on
  failure.
- Added front end button for regenerating captcha.
- Added a disabled / pause button audio playing.

* Some more fixes.
2020-07-29 09:02:46 -04:00
Felix Ableitner
8ad4378960 Disable ID domain check in FromApub until we figure it out properly 2020-07-29 13:58:39 +02:00
Felix Ableitner
a85873d294 Take correct community uri in shared_inbox, rename fetch_remote* methods 2020-07-29 13:46:11 +02:00
Dessalines
5dd0efb280 Version v0.7.32 2020-07-29 00:29:56 -04:00
Dessalines
52b221e3c9 Version v0.7.31 2020-07-28 21:20:19 -04:00
Dessalines
ced3cbde73 Merge branch 'main' into inbox-refactoring-dessalines 2020-07-28 18:55:50 -04:00
Felix Ableitner
494fcfdb8f Add helper function to generate proper activity IDs 2020-07-28 19:23:16 +02:00
Dessalines
e605d58888 Merge branch 'main' into inbox-refactoring-merge 2020-07-28 12:08:28 -04:00
Dessalines
1ed63e99d9 Fix post thumbnail_url to use full urls. Fixes #632 2020-07-28 11:42:40 -04:00
Felix Ableitner
1ed7c59491 Refactor inbox, simplify and split into multiple files 2020-07-28 14:41:15 +02:00
Dessalines
6e4599411b
Adding inferno-helmet to fix page titles. Fixes #1028 (#1030) 2020-07-27 11:54:42 -04:00
Dessalines
c066915b8e
Federate sticky flag dessalines (#1021)
* Federate sticky flag (ref #1018)

* Adding tests for federated sticky and lock.

* Changing test to make sure it returns the correct locked error.

Co-authored-by: Felix Ableitner <me@nutomic.com>
2020-07-27 11:42:15 -04:00
Dessalines
d1342afe93
Remove extra jwt claims (for user settings) (#1025)
* Remove extra jwt claims (for user settings)

- The JWT token only contains the issuer, and your user id now.
- Now only a page refresh is necessary to pick up your settings on all
  clients, including theme, language, etc.
- GetSiteResponse now gives you your user and settings if logged in.
- Fixes #773

* Remove extra comment line, I tested nsfw

* Adding a todo to add a User_::readSafe()
2020-07-27 09:23:08 -04:00
Dessalines
617d636432 Version v0.7.30 2020-07-25 10:43:42 -04:00
Dessalines
0ff9af5ba5 Version v0.7.29 2020-07-24 22:06:16 -04:00
Riley
ceaa485f06
Update http sigs dependency (#1022) 2020-07-24 19:57:13 -04:00
Dessalines
edfd10262f Version v0.7.28 2020-07-23 09:48:39 -04:00
Dessalines
01cc8654e2
Fixing config_file env to use defaults instead (since its required). (#970)
* Fixing config_file env to use defaults instead (since its required). Fixes #764

* Changing the read / write to the custom config file one

* Adding a config note.
2020-07-22 20:17:41 -04:00
Dessalines
59da2976ab Some more API cleanup.
- Extracted methods for is_mod_or_admin, and is_admin.
- Removed admins from GetPostResponse and GetCommunityResponse.
- Some cleanup.
2020-07-22 14:20:08 -04:00
Dessalines
b6a6d52a92 Merge branch 'main' into api_edit_separation 2020-07-22 13:47:52 -04:00
Dessalines
db0d213710 Version v0.7.26 2020-07-22 09:56:15 -04:00
Felix Ableitner
3f00140f5d Use activitystreams from yerbamate.dev mirror (fixes #1012) 2020-07-22 00:07:09 +02:00
Dessalines
5e5063cbdd Adding some helper functions. 2020-07-21 13:52:57 -04:00
Dessalines
f81a7ad9ab Adding form_id to comment creates and edits.
- This adds a form_id to CreateComment, EditComment, and CommentResponse
- This is so any front end clients can add a randomly generated string,
  and know which comment they submitted, is the one they're getting
  back.
- This gets rid of all the weird complicated logic in handleFinished(),
  and should stop the comment forms getting cleared once and for all.
2020-07-21 10:56:41 -04:00
Dessalines
4b6a762a56 Added an is_mod_or_admin function to Community 2020-07-21 10:15:17 -04:00
Dessalines
55ce7b1339
Adding version to GetSite. Fixes #1001 (#1002)
* Adding version to GetSite. Fixes #1001

* Removing version.ts file
2020-07-21 13:20:23 +00:00
Dessalines
2eac037408 Adding post delete, remove, lock, and sticky. 2020-07-20 23:46:36 -04:00
Dessalines
fd96dfdb5e Added comment delete, remove, read. 2020-07-20 21:37:44 -04:00
Dessalines
ca7d2feedb Some GetUserDetails cleanup. 2020-07-20 15:32:15 -04:00
Dessalines
9bc6698f58 Added community delete and remove. 2020-07-20 13:37:39 -04:00
Dessalines
a67f46bec5 EditUserMention changed to MarkUserMentionAsRead. 2020-07-20 10:56:40 -04:00
Dessalines
0a28ffb9c4 Private message delete and read extracted. 2020-07-20 00:29:44 -04:00
Dessalines
2ff7acf207 Moving dupe checking to before new actor_id generation. 2020-07-19 13:32:50 -04:00
Dessalines
87202b4915 Fixing duplicate actor_id for community and user. Fixes #957 2020-07-19 13:12:42 -04:00
Dessalines
b03a2d7995 Ran cargo fmt. 2020-07-19 12:26:23 -04:00
Dessalines
3342a6a910 Version v0.7.25 2020-07-17 18:54:34 -04:00
eiknat
03758a4f92
validate post URLs on the backend (#990)
* added serverside url validation

* api.post: use if let instead of is_some

also add "invalid_url" to en.json

Co-authored-by: John Doe <dhas8m@protonmail.com>
2020-07-17 18:46:59 -04:00
nutomic
77a2a5eb01 Update activitystreams library to latest version (#71)
Merge branch 'main' into more-upgrade-apub-3

Update activitystreams library to latest version

Remove remaining usages of old activitystreams library

Migrate community inbox and user inbox

Migrate private message

Migrate post

Migrate community activities

Migrate extensions to new activitystreams library

Co-authored-by: dessalines <dessalines@noreply.yerbamate.dev>
Co-authored-by: Felix Ableitner <me@nutomic.com>
Reviewed-on: https://yerbamate.dev/LemmyNet/lemmy/pulls/71
2020-07-17 21:11:07 +00:00
Dessalines
2a206e1b4d Version v0.7.24 2020-07-16 21:17:34 -04:00
Dessalines
1e30fcf235 Version v0.7.23 2020-07-16 21:13:18 -04:00
Felix Ableitner
2d4c41d2be Convert comments to new apub lib (including comment activities) 2020-07-15 18:26:37 +02:00
Felix Ableitner
ef8118f40f migrate post to new apub lib 2020-07-15 18:03:09 +02:00
Dessalines
f69f044aaa Version v0.7.22 2020-07-15 10:16:31 -04:00
Dessalines
9f36fd50b4
GetSite fixes. Fixes #975 (#978) 2020-07-15 10:00:55 -04:00
Dessalines
fc15276c10
Don't allow duplicate community names in API. #957 (#974) 2020-07-15 09:55:38 -04:00
Dessalines
78cb306c07
Don't allow community name editing. Fixes #964 (#973) 2020-07-15 09:53:52 -04:00
Dessalines
70f15ffd6f Version v0.7.21 2020-07-14 12:12:13 -04:00
Dessalines
cc0ae6343c
Fixing user mention reading. (#968) 2020-07-14 12:12:04 -04:00
Dessalines
5ccf81349e Version v0.7.20 2020-07-14 09:17:36 -04:00
ryexandra
29037b4995
Security/fix permission bugs (#966)
* secure the `EditPost` API endpoint

* Check user is moderator in BanFromCommunity

* secure the `EditComment` API endpoint

* pass orig `read` prob when not explicitly updating it.

* Block random users from adding mods.

* use cleaner logic from `EditPost`

* prevent editing a community by a mod from transfering ownership to them

* secure `read` action in `EditPrivateMessage`

* Add check in UserMention

* only let the indended recipient mark as read

* simplify booleans to satisfy clippy

* requested changes + cargo +nightly fmt

* fix to pass federation tests for deleting comments and posts

Co-authored-by: chiminh <chiminh.tutanota.com>
Co-authored-by: Hex Bear <buildadangtrain@protonmail.com>
2020-07-14 09:17:25 -04:00
Dessalines
52983907c4 Version v0.7.19 2020-07-13 15:21:16 -04:00
Dessalines
abe7a41f58 Version v0.7.18 2020-07-13 13:32:01 -04:00
Dessalines
ac56b57faa Merge branch 'fix-migrate-apub-lib' 2020-07-13 11:57:39 -04:00
Dessalines
e5d3e3a9c3
Adding a configurable config location through an env var. (#960)
* Adding a configurable config location through an env var.

- Its `LEMMY_CONFIG_LOCATION`
- Fixes #764

* Using a static for CONFIG_FILE again.

* Make clippy happy
2020-07-13 11:33:48 -04:00
Dessalines
ea0881f87e Using community-link instead. 2020-07-13 10:39:15 -04:00
Dessalines
1b7a4ac090 Merge branch 'add_post_title_to_comments_view' of https://github.com/makigi-io/makigi into makigi-io-add_post_title_to_comments_view 2020-07-13 09:57:37 -04:00
Felix Ableitner
bb3e29e5c4 Make reads from activitypub objects immutable 2020-07-13 15:56:58 +02:00
Riley
8f745b80d3
Wrap each inbox route individually (#954) 2020-07-13 09:55:55 -04:00
Dessalines
7556f8615f
Adding a community_name option to GetPosts /post/list . Fixes #800 (#942) 2020-07-13 09:50:13 -04:00
Dessalines
a7c1c472fe
Fixing admin and mod sort order. Fixes #939 (#941) 2020-07-13 09:42:03 -04:00
Ernest
9ad0a8825a Merge remote-tracking branch 'upstream/master' into add_post_title_to_comments_view 2020-07-13 08:45:57 +02:00
Ernest
e06d9a620c Add post title to user comments inbox view, comment_view, user_mention_view 2020-07-13 08:18:11 +02:00
Dessalines
f0357bc988 Version v0.7.17 2020-07-12 16:16:43 -04:00
Ernest
82dcaa4545 Migration fix 2020-07-12 20:27:21 +02:00
Ernest
b037ff922c Add post title to comments view #948 2020-07-12 17:26:10 +02:00
Dessalines
d63eb7c8f5 Version v0.7.16 2020-07-11 10:14:04 -04:00
Dessalines
cb77339370 Version v0.7.15 2020-07-10 21:38:24 -04:00
Tony Antonov
8d24659892
Forbid users to use empty titles for posts (#930)
- Add a regex that checks if string contains anything but whitespace
- Check for whitespace-only titles on post creation and edit
- Trim whitespace from titles before saving
- Add frontend validation to title
2020-07-10 21:15:53 -04:00
Dessalines
181374d2cc Fixing travis, adding a test.sh script. 2020-07-10 14:16:42 -04:00
nutomic
80aef61aed Split code into cargo workspaces (#67)
More fixes

- fixed docker builds
- fixed mentions regex test
- fixed DATABASE_URL stuff
- change schema path in diesel.toml

Address review comments

- add jsonb column back into activity table
- remove authors field from cargo.toml
- adjust LEMMY_DATABASE_URL env var usage
- rename all occurences of LEMMY_DATABASE_URL to DATABASE_URL

Decouple utils and db

Split code into cargo workspaces

Co-authored-by: Felix Ableitner <me@nutomic.com>
Reviewed-on: https://yerbamate.dev/LemmyNet/lemmy/pulls/67
2020-07-10 18:15:41 +00:00
Dessalines
debbd316c2 Version v0.7.14 2020-07-09 20:16:39 -04:00
Dessalines
961d65c0ee
Remove button for avatars. Fixes #755 (#924) 2020-07-09 20:04:09 -04:00